diff --git a/src/cli/config/config-export.ts b/src/cli/config/config-export.ts index 5acecae67..5883787ff 100644 --- a/src/cli/config/config-export.ts +++ b/src/cli/config/config-export.ts @@ -176,7 +176,7 @@ export default function setup() { includeReadOnly: options.readOnly, onlyRealm: options.realmOnly, onlyGlobal: options.globalOnly, - onlyCustom: options.onlyCustom + onlyCustom: options.onlyCustom, } ); if (!outcome) process.exitCode = 1; @@ -209,7 +209,7 @@ export default function setup() { includeReadOnly: options.readOnly, onlyRealm: options.realmOnly, onlyGlobal: options.globalOnly, - onlyCustom: options.onlyCustom + onlyCustom: options.onlyCustom, } ); if (!outcome) process.exitCode = 1; diff --git a/src/cli/config/config-import.ts b/src/cli/config/config-import.ts index 20e887ad3..16c02d90c 100644 --- a/src/cli/config/config-import.ts +++ b/src/cli/config/config-import.ts @@ -135,7 +135,7 @@ export default function setup() { includeDefault: options.default, includeActiveValues: options.includeActiveValues, source: options.source, - onlyCustom: options.onlyCustom + onlyCustom: options.onlyCustom, }); if (!outcome) process.exitCode = 1; } @@ -159,7 +159,7 @@ export default function setup() { includeDefault: options.default, includeActiveValues: options.includeActiveValues, source: options.source, - onlyCustom: options.onlyCustom + onlyCustom: options.onlyCustom, }); if (!outcome) process.exitCode = 1; } @@ -177,7 +177,7 @@ export default function setup() { includeDefault: options.default, includeActiveValues: options.includeActiveValues, source: options.source, - onlyCustom: options.onlyCustom + onlyCustom: options.onlyCustom, } ); if (!outcome) process.exitCode = 1; diff --git a/src/cli/iga/iga.ts b/src/cli/iga/iga.ts index 3da94c735..ae14473bf 100644 --- a/src/cli/iga/iga.ts +++ b/src/cli/iga/iga.ts 
@@ -1,4 +1,5 @@ import { FrodoStubCommand } from '../FrodoCommand'; +import RequestTypeCmd from './request-types/iga-request-type'; import WorkflowCmd from './workflow/iga-workflow'; export default function setup() { @@ -7,6 +8,9 @@ export default function setup() { ); program.addCommand(WorkflowCmd().name('workflow').showHelpAfterError()); + program.addCommand( + RequestTypeCmd().name('request-type').showHelpAfterError() + ); program.showHelpAfterError(); return program; diff --git a/src/cli/iga/request-types/iga-request-type-delete.ts b/src/cli/iga/request-types/iga-request-type-delete.ts new file mode 100644 index 000000000..e628df342 --- /dev/null +++ b/src/cli/iga/request-types/iga-request-type-delete.ts 
@@ -0,0 +1,86 @@ +import { frodo, state } from '@rockcarver/frodo-lib'; +import { Option } from 'commander'; + +import { getTokens } from '../../../ops/AuthenticateOps'; +import { + deleteAllRequestTypes, + deleteRequestType, +} from '../../../ops/cloud/iga/IgaRequestTypesOps'; +import { printMessage, verboseMessage } from '../../../utils/Console.js'; +import { FrodoCommand } from '../../FrodoCommand'; + +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; + +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; + +export default function setup() { + const program = new FrodoCommand('frodo iga request-type delete'); + + program + .description('Delete request type.') + .addOption( + new Option( + '-n, --request-type-name ', + 'Request type name. If specified, -a is ignored.' + ) + ) + + .addOption( + new Option('-a, --all', 'Delete all request types. Ignored with -n.') + ) + .action( + // implement command logic inside action handler + async (host, realm, user, password, options, command) => { + command.handleDefaultArgsAndOpts( + host, + realm, + user, + password, + options, + command + ); + if (!options.requestTypeName && !options.all) { + printMessage( + 'Unrecognized combination of options or no options...', + 'error' + ); + program.help(); + process.exitCode = 1; + return; + } + const getTokensIsSuccessful = await getTokens( + false, + true, + deploymentTypes + ); + if (!getTokensIsSuccessful) { + printMessage('Error getting tokens', 'error'); + process.exitCode = 1; + return; + } + if (!state.getIsIGA()) { + printMessage( + 'Command not supported for non-IGA cloud tenants', + 'error' + ); + process.exitCode = 1; + return; + } + // delete by id + if (options.requestTypeName) { + verboseMessage('Deleting request type...'); + const outcome = await deleteRequestType(options.requestTypeName); + if (!outcome) process.exitCode = 1; + } + // --all -a + else if (options.all) { + verboseMessage('Deleting all request types...'); + const outcome = await 
deleteAllRequestTypes(); + if (!outcome) process.exitCode = 1; + } + } + // end command logic inside action handler + ); + + return program; +} diff --git a/src/cli/iga/request-types/iga-request-type-describe.ts b/src/cli/iga/request-types/iga-request-type-describe.ts new file mode 100644 index 000000000..a8082bc8c --- /dev/null +++ b/src/cli/iga/request-types/iga-request-type-describe.ts 
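Review bot: In iga-request-type-delete.ts the no-options branch calls `program.help();` before `process.exitCode = 1;`, which is the order this same commit reverses in iga-workflow-publish.ts. If help() ends the process (commander's default), the failure code is never set, so put `process.exitCode = 1;` first here and in iga-request-type-describe.ts. The `--all` branch goes straight to `deleteAllRequestTypes()` with no confirmation or preview of what will be removed; for a tenant-wide delete of governance objects, an explicit confirmation or opt-in flag is worth considering. The `// delete by id` comment should read `// delete by name`, and the command is constructed without the `[], deploymentTypes` arguments that the export, import and list commands pass.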
@@ -0,0 +1,75 @@
+import { frodo, state } from '@rockcarver/frodo-lib';
+import { Option } from 'commander';
+
+import { getTokens } from '../../../ops/AuthenticateOps';
+import { describeRequestType } from '../../../ops/cloud/iga/IgaRequestTypesOps';
+import { printMessage, verboseMessage } from '../../../utils/Console';
+import { FrodoCommand } from '../../FrodoCommand';
+
+const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants;
+
+const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY];
+
+export default function setup() {
+ const program = new FrodoCommand('frodo iga request-type describe');
+
+ program
+ .description('Describe request type.')
+ .addOption(
+ new Option(
+ '-n, --request-type-name ',
+ 'Request type name. If not specified, will describe first request type in the provided export file.'
+ )
+ )
+ .addOption(
+ new Option(
+ '-f, --file ',
+ 'Name of the request type export file to describe. If not specified, will automatically pull the request type export data of the provided id from the tenant.'
+ )
+ )
+ .action(async (host, realm, user, password, options, command) => {
+ command.handleDefaultArgsAndOpts(
+ host,
+ realm,
+ user,
+ password,
+ options,
+ command
+ );
+ if (!options.requestTypeName && !options.file) {
+ printMessage(
+ 'Unrecognized combination of options or no options...',
+ 'error'
+ );
+ program.help();
+ process.exitCode = 1;
+ return;
+ }
+ const getTokensIsSuccessful = await getTokens(
+ false,
+ true,
+ deploymentTypes
+ );
+ if (!getTokensIsSuccessful) {
+ printMessage('Error getting tokens', 'error');
+ process.exitCode = 1;
+ return;
+ }
+ if (!state.getIsIGA()) {
+ printMessage(
+ 'Command not supported for non-IGA cloud tenants',
+ 'error'
+ );
+ process.exitCode = 1;
+ return;
+ }
+ verboseMessage(`Describing workflow ${options.requestTypeName}...`);
+ const outcome = await describeRequestType(
+ options.requestTypeName,
+ options.file
+ );
+ if (!outcome) process.exitCode = 1;
+ });
+
+ return program;
+}
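Review bot: In iga-request-type-describe.ts, `getTokens(...)` and the `state.getIsIGA()` check run even when `-f` is given, although describeRequestType (IgaRequestTypesOps.ts in this commit) reads the export from the local file in that case. Describing an offline export should not need tenant credentials, so wrap the authentication and IGA check in `if (!options.file) { ... }`. The verbose message `Describing workflow ${options.requestTypeName}...` is a leftover from the workflow command and prints `undefined` when only `-f` is passed; it should say "request type" and name the file when no name was given.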
diff --git a/src/cli/iga/request-types/iga-request-type-export.ts b/src/cli/iga/request-types/iga-request-type-export.ts
new file mode 100644
index 000000000..5dd4e9d6b
--- /dev/null
+++ b/src/cli/iga/request-types/iga-request-type-export.ts
@@ -0,0 +1,166 @@ +import { frodo, state } from '@rockcarver/frodo-lib'; +import { Option } from 'commander'; + +import { getTokens } from '../../../ops/AuthenticateOps'; +import { + exportAllRequestTypesToFiles, + exportAllRequestTypeToFile, + exportRequestTypeToFile, +} from '../../../ops/cloud/iga/IgaRequestTypesOps'; +import { printMessage, verboseMessage } from '../../../utils/Console.js'; +import { FrodoCommand } from '../../FrodoCommand'; + +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; + +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; + +export default function setup() { + const program = new FrodoCommand( + 'frodo iga request-type export', + [], + deploymentTypes + ); + + program + .description('Export request-type.') + .addOption( + new Option( + '-n, --request-type-name ', + 'Request type name. If specified, -a and -A are ignored.' + ) + ) + .addOption( + new Option( + '-f, --file [file]', + 'Name of the export file. Ignored with -A. Defaults to .request-type.json.' + ) + ) + .addOption( + new Option( + '-a, --all', + 'Export all request types to a single file. Ignored with -i.' + ) + ) + .addOption( + new Option( + '-A, --all-separate', + 'Export all request types as separate files .request-type.json. Ignored with -i, and -a.' + ) + ) + .addOption( + new Option( + '-N, --no-metadata', + 'Do not include metadata in the export file.' + ) + ) + .addOption( + new Option( + '-M, --modified-properties', + 'Include modified properties in export (e.g. lastModifiedDate, lastModifiedBy, createdBy, creationDate, etc.)' + ).default(false, 'false') + ) + .addOption( + new Option( + '-x, --no-extract', + 'Do not extract the scripts from the exported file and save them to separate files. Ignored with -a.' + ).default(true, 'true') + ) + .addOption( + new Option( + '--use-string-arrays', + 'Where applicable, use string arrays to store scripts.' 
+ ).default(false, 'off') + ) + .addOption( + new Option( + '-R, --read-only', + 'Export non-mutable request-types in addition to the mutable request-types.' + ) + ) + .addOption( + new Option( + '--no-deps', + 'Do not include any dependencies (email templates, request types, events, etc.).' + ) + ) + .action( + // implement command logic inside action handler + async (host, realm, user, password, options, command) => { + command.handleDefaultArgsAndOpts( + host, + realm, + user, + password, + options, + command + ); + if (!options.requestTypeName && !options.all && !options.allSeparate) { + printMessage( + 'Unrecognized combination of options or no options...', + 'error' + ); + program.help(); + process.exit(1); + return; + } + const getTokensIsSuccessful = await getTokens( + false, + true, + deploymentTypes + ); + if (!getTokensIsSuccessful) { + printMessage('Error getting tokens', 'error'); + process.exit(1); + return; + } + if (!state.getIsIGA()) { + printMessage( + 'Command not supported for non-IGA cloud tenants', + 'error' + ); + process.exit(1); + return; + } + // --request-type-name --n + if (options.requestTypeName) { + verboseMessage(`Exporting request "${options.requestTypeName}"...`); + const outcome = await exportRequestTypeToFile( + undefined, + options.requestTypeName, + options.file, + options.metadata, + options.modifiedProperties, + options.extract + ); + if (!outcome) process.exit(1); + } + // --all -a + else if (options.all) { + verboseMessage('Exporting all request types to a single file...'); + const outcome = await exportAllRequestTypeToFile( + options.file, + options.metadata, + options.modifiedProperties + ); + if (!outcome) process.exit(1); + } + // --all-separate -A + else if (options.allSeparate) { + verboseMessage('Exporting all request types to separate files...'); + const outcome = await exportAllRequestTypesToFiles( + options.metadata, + options.modifiedProperties, + options.extract, + { + onlyCustom: options.deps, + 
useStringArrays: options.useStringArrays, + } + ); + if (!outcome) process.exit(1); + } + } + // end command logic inside action handler + ); + + return program; +} diff --git a/src/cli/iga/request-types/iga-request-type-import.ts b/src/cli/iga/request-types/iga-request-type-import.ts new file mode 100644 index 000000000..20f8487f5 --- /dev/null +++ b/src/cli/iga/request-types/iga-request-type-import.ts 
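Review bot: In the `--all-separate` branch of iga-request-type-export.ts, `onlyCustom: options.deps` feeds the `--no-deps` flag into an unrelated option. Commander sets `options.deps` to true unless `--no-deps` is passed, so `onlyCustom` is true by default and, assuming it restricts the export to custom request types, everything else is silently left out of the export. The `-n` and `-a` branches do not forward `--no-deps` or `--use-string-arrays` at all, `-R, --read-only` is declared but never read, and the help texts refer to a `-i` option that is not defined. iga-request-type-import.ts has the same `onlyCustom: options.deps`. The handler also uses `process.exit(1)` followed by an unreachable `return;`, as do the import and list commands (without the `return;`), whereas delete and describe set `process.exitCode = 1`.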
@@ -0,0 +1,140 @@ +import { frodo, state } from '@rockcarver/frodo-lib'; +import { Option } from 'commander'; + +import { getTokens } from '../../../ops/AuthenticateOps'; +import { + importFirstRequestTypeFromFile, + importRequestTypeFromFile, + importRequestTypesFromFile, + importRequestTypesFromFiles, +} from '../../../ops/cloud/iga/IgaRequestTypesOps'; +import { printMessage, verboseMessage } from '../../../utils/Console.js'; +import { FrodoCommand } from '../../FrodoCommand'; + +const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants; + +const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY]; + +export default function setup() { + const program = new FrodoCommand( + 'frodo iga request-type import', + [], + deploymentTypes + ); + + program + .description('Import request-type.') + .addOption( + new Option( + '-n, --request-type-name ', + 'Request type name. If specified, -a and -A are ignored.' + ) + ) + .addOption(new Option('-f, --file ', 'Name of the import file.')) + + .addOption( + new Option( + '-a, --all', + 'Import all request-types from single file. Ignored with -f.' + ) + ) + .addOption( + new Option( + '-A, --all-separate', + 'Import all request-types from separate files (*.requestType.json) in the current directory. Ignored with -i or -a.' + ) + ) + .addOption( + new Option( + '--no-deps', + 'Do not import any dependencies (email templates, request types, events, etc.).' 
+ ) + ) + .action( + // implement program logic inside action handler + async (host, realm, user, password, options, command) => { + command.handleDefaultArgsAndOpts( + host, + realm, + user, + password, + options, + command + ); + const isImportByName = options.requestTypeName && options.file; + const isImportAll = options.all && options.file; + const isImportAllSeparate = options.allSeparate && !options.file; + const isImportFirst = !!options.file; + if ( + !isImportByName && + !isImportAll && + !isImportAllSeparate && + !isImportFirst + ) { + printMessage( + 'Unrecognized combination of options or no options...', + 'error' + ); + program.help(); + process.exit(1); + } + const getTokensIsSuccessful = await getTokens( + false, + true, + deploymentTypes + ); + if (!getTokensIsSuccessful) { + printMessage('Error getting tokens', 'error'); + process.exit(1); + } + if (!state.getIsIGA()) { + printMessage( + 'Command not supported for non-IGA cloud tenants', + 'error' + ); + process.exit(1); + } + // import by id + if (isImportByName) { + verboseMessage( + `Importing request type "${options.requestTypeNamed}"...` + ); + const outcome = await importRequestTypeFromFile( + options.requestTypeName, + options.file, + { + onlyCustom: options.deps, + } + ); + if (!outcome) process.exit(1); + } + // --all -a + else if (isImportAll) { + verboseMessage( + `Importing all request types from a single file (${options.file})...` + ); + const outcome = await importRequestTypesFromFile(options.file); + if (!outcome) process.exit(1); + } + // --all-separate -A + else if (isImportAllSeparate) { + verboseMessage( + 'Importing all request types from separate files (*.requestType.json) in current directory...' 
+ ); + const outcome = await importRequestTypesFromFiles(); + if (!outcome) process.exit(1); + } + // import first workflow from file + else if (isImportFirst) { + verboseMessage( + `Importing first request type from file "${options.file}"...` + ); + const outcome = await importFirstRequestTypeFromFile(options.file); + if (!outcome) process.exit(1); + } + } + // end program logic inside action handler + ); + + return program; +} diff --git a/src/cli/iga/request-types/iga-request-type-list.ts b/src/cli/iga/request-types/iga-request-type-list.ts new file mode 100644 index 000000000..d06950c08 --- /dev/null +++ b/src/cli/iga/request-types/iga-request-type-list.ts 
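Review bot: In iga-request-type-import.ts the verbose message interpolates `options.requestTypeNamed`, which is never defined, so it prints `undefined`; it should be `options.requestTypeName`. `--no-deps` only reaches `importRequestTypeFromFile`: the `-a`, `-A` and first-from-file branches call their functions without options, so the flag is silently ignored there even though importFirstRequestTypeFromFile accepts an options argument. The help for `-a` says "Ignored with -f" while `isImportAll` requires `options.file`, and the `-A` help mentions a `-i` option that is not defined. The comment `// import first workflow from file` should say "request type".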
@@ -0,0 +1,60 @@
+import { frodo, state } from '@rockcarver/frodo-lib';
+import { Option } from 'commander';
+
+import { getTokens } from '../../../ops/AuthenticateOps';
+import { listRequestTypes } from '../../../ops/cloud/iga/IgaRequestTypesOps';
+import { printMessage, verboseMessage } from '../../../utils/Console.js';
+import { FrodoCommand } from '../../FrodoCommand';
+
+const { CLOUD_DEPLOYMENT_TYPE_KEY } = frodo.utils.constants;
+
+const deploymentTypes = [CLOUD_DEPLOYMENT_TYPE_KEY];
+
+export default function setup() {
+ const program = new FrodoCommand(
+ 'frodo iga request types list',
+ [],
+ deploymentTypes
+ );
+
+ program
+ .description('List request types.')
+ .addOption(
+ new Option('-l, --long', 'Long with all fields.').default(false, 'false')
+ )
+ .action(
+ // implement command logic inside action handler
+ async (host, realm, user, password, options, command) => {
+ command.handleDefaultArgsAndOpts(
+ host,
+ realm,
+ user,
+ password,
+ options,
+ command
+ );
+ const getTokensIsSuccessful = await getTokens(
+ false,
+ true,
+ deploymentTypes
+ );
+ if (!getTokensIsSuccessful) {
+ printMessage('Error getting tokens', 'error');
+ process.exit(1);
+ }
+ if (!state.getIsIGA()) {
+ printMessage(
+ 'Command not supported for non-IGA cloud tenants',
+ 'error'
+ );
+ process.exit(1);
+ }
+ verboseMessage(`Listing request types ...`);
+ const outcome = await listRequestTypes(options.long);
+ if (!outcome) process.exit(1);
+ }
+ // end command logic inside action handler
+ );
+
+ return program;
+}
diff --git a/src/cli/iga/request-types/iga-request-type.ts b/src/cli/iga/request-types/iga-request-type.ts
new file mode 100644
index 000000000..f1936e9af
--- /dev/null
+++ b/src/cli/iga/request-types/iga-request-type.ts
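Review bot: In iga-request-type-list.ts the command is constructed as `'frodo iga request types list'` while its siblings use the `frodo iga request-type ...` form; `'frodo iga request-type list'` would match them. `verboseMessage(`Listing request types ...`)` is a template literal with no interpolation and can be a plain string.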
@@ -0,0 +1,32 @@ +import { FrodoStubCommand } from '../../FrodoCommand'; +import DeleteCmd from './iga-request-type-delete'; +import DescribeCmd from './iga-request-type-describe'; +import ExportCmd from './iga-request-type-export'; +import ImportCmd from './iga-request-type-import'; +import ListCmd from './iga-request-type-list'; + +export default function setup() { + const program = new FrodoStubCommand('frodo iga request-type'); + + program.description('Manage request types.'); + + program.addCommand( + DeleteCmd().name('delete').description('Delete request-type.') + ); + + program.addCommand(ListCmd().name('list').description('List request-type.')); + + program.addCommand( + ExportCmd().name('export').description('Export request-type.') + ); + + program.addCommand( + ImportCmd().name('import').description('Import request-type.') + ); + + program.addCommand( + DescribeCmd().name('describe').description('Describe request-type.') + ); + + return program; +} diff --git a/src/cli/iga/workflow/iga-workflow-publish.ts b/src/cli/iga/workflow/iga-workflow-publish.ts index 5364a19a0..cf8cf1d75 100644 --- a/src/cli/iga/workflow/iga-workflow-publish.ts +++ b/src/cli/iga/workflow/iga-workflow-publish.ts @@ -30,8 +30,9 @@ export default function setup() { 'Unrecognized combination of options or no options...', 'error' ); - program.help(); + process.exitCode = 1; + program.help(); return; } const getTokensIsSuccessful = await getTokens( diff --git a/src/ops/cloud/iga/IgaRequestTypesOps.ts b/src/ops/cloud/iga/IgaRequestTypesOps.ts new file mode 100644 index 000000000..c69f2712e --- /dev/null +++ b/src/ops/cloud/iga/IgaRequestTypesOps.ts 
@@ -0,0 +1,617 @@ +import { frodo, FrodoError } from '@rockcarver/frodo-lib'; +import { + RequestTypeSchema, + RequestTypeSchemas, +} from '@rockcarver/frodo-lib/types/api/cloud/iga/IgaRequestTypeApi'; +import { + RequestTypeExportInterface, + RequestTypeExportOptions, + RequestTypeImportOptions, +} from '@rockcarver/frodo-lib/types/ops/cloud/iga/IgaRequestTypeOps'; +import fs from 'fs'; + +import { extractDataToFile } from '../../../utils/Config'; +import { + createKeyValueTable, + createProgressIndicator, + createTable, + printError, + printMessage, + stopProgressIndicator, + updateProgressIndicator, +} from '../../../utils/Console'; + +const { + getTypedFilename, + saveToFile, + saveJsonToFile, + getFilePath, + getWorkingDirectory, +} = frodo.utils; +const { + readRequestTypes, + exportRequestType, + exportRequestTypes, + exportRequestTypeByName, + importRequestTypes, + deleteRequestTypeByName, + deleteRequestTypes, +} = frodo.cloud.iga.requestType; + +/** + * List all the request types + * @param {boolean} long Long version, all the fields + * @returns {Promise} a promise resolving to true if successful, false otherwise + */ +export async function listRequestTypes( + long: boolean = false +): Promise { + try { + const requestTypes = await readRequestTypes(); + if (!long) { + for (const requestType of requestTypes) { + printMessage(`${requestType.displayName}`, 'data'); + } + return true; + } + const table = createTable(['ID', 'Name', 'Type', 'Description']); + for (const requestType of requestTypes) { + table.push([ + `${requestType.id}`, + requestType.displayName, + requestType.workflow.type, + requestType.description ?? 
'', + ]); + } + printMessage(table.toString(), 'data'); + return true; + } catch (error) { + printError(error); + } + return false; +} + +/** + * Describe a request form + * @param {string} typeName the request form name + * @param {string} file optional file + * @returns {Promise} true if successful, false otherwise + */ +export async function describeRequestType( + typeName?: string, + file?: string +): Promise { + try { + const requestTypeExport: RequestTypeExportInterface = file + ? (JSON.parse( + fs.readFileSync(getFilePath(file), 'utf8') + ) as RequestTypeExportInterface) + : await exportRequestTypeByName(typeName); + + let type; + if (typeName) { + type = Object.values(requestTypeExport.requestType).find( + (t) => t.displayName === typeName + ); + if (!type) { + throw new FrodoError( + `Request type '${typeName}' not found in export${file ? ` file ${file}` : ''}` + ); + } + } else { + const types = Object.values(requestTypeExport.requestType); + if (types.length === 0) { + throw new FrodoError(`No request types found in export file ${file}`); + } + type = types[0]; + } + + // Form Details + printMessage('Request Form', 'data'); + const table = createKeyValueTable(); + table.push(['Id'['brightCyan'], type.id]); + table.push(['Name'['brightCyan'], type.displayName]); + table.push(['Type'['brightCyan'], type.workflow.type]); + table.push(['Description'['brightCyan'], type.description ?? '']); + table.push(['Operation'['brightCyan'], type.categories?.operation ?? 
'']); + if (type.categories?.applicationType) { + table.push([ + 'Application Type'['brightCyan'], + type.categories.applicationType, + ]); + } + if (type.categories?.objectType) { + table.push(['Object Type'['brightCyan'], type.categories.objectType]); + } + if (type.categories?.lcmType) { + table.push(['LCM Type'['brightCyan'], type.categories.lcmType]); + } + if (type.categories?.requestType) { + table.push(['Request Type'['brightCyan'], type.categories.requestType]); + } + if (type._rev !== undefined) { + table.push(['Revision'['brightCyan'], `${type._rev}`]); + } + if (type.metadata?.createdDate) { + table.push(['Created'['brightCyan'], type.metadata.createdDate]); + } + if (type.metadata?.modifiedDate) { + table.push(['Modified'['brightCyan'], type.metadata.modifiedDate]); + } + printMessage(table.toString() + '\n', 'data'); + + // type Structure (sections and input fields) + printMessage(`Request Type: ${type.displayName} [${type.id}]`, 'data'); + if (type.description) printMessage(` ${type.description}`, 'data'); + printMessage(` Custom: ${type.custom ?? false}`, 'data'); + if (type.workflow?.id) { + printMessage( + ` requestType: ${type.workflow.id} (${type.workflow.type ?? 'n/a'})`, + 'data' + ); + } + + const schemaGroups: (keyof RequestTypeSchemas)[] = [ + 'common', + 'entitlement', + 'user', + 'entity', + 'custom', + ]; + + for (const group of schemaGroups) { + const entries = type.schemas?.[group] ?? []; + if (!entries.length) continue; + printMessage(` ${group} schemas (${entries.length}):`, 'data'); + for (const entry of entries) { + if (typeof entry === 'string') { + printMessage(` - ${entry}`, 'data'); + continue; + } + const schema = entry as RequestTypeSchema; + const name = + schema._meta.displayName ?? schema._meta.display ?? schema._meta.type; + const props = schema._meta.properties ?? 
{}; + printMessage( + ` - [${schema._meta.type}] ${name} (${Object.keys(props).length} prop(s))`, + 'data' + ); + for (const [propName, prop] of Object.entries(props)) { + const required = prop.isRequired ? ' *'['brightRed'] : ''; + const label = prop.display?.name ?? propName; + printMessage(` - ${label}${required}`, 'data'); + } + } + } + + if (type.validation?.source) + printMessage(` Has validation script`, 'data'); + if (type.customValidation?.source) + printMessage(` Has custom validation script`, 'data'); + + // Assignments + if (type.assignments && type.assignments.length) { + printMessage(`Assignments (${type.assignments.length}):`, 'data'); + for (const assignment of type.assignments) { + printMessage(`- ${assignment.objectId}`, 'data'); + } + printMessage('', 'data'); + } + + return true; + } catch (error) { + printError(error); + } + return false; +} +/** + * Export request type to file by ID + * @param {string} typeId request type id + * @param {string} file file name + * @param {boolean} includeMeta true to include metadata, false otherwise. Default: true + * @param {boolean} keepModifiedProperties true to keep modified properties, otherwise delete them. Default: false + * @param {boolean} extract true to extract scripts to separate files. Default: false + * @param {RequestFormExportOptions} options export options + * @returns {Promise} true if successful, false otherwise + */ +export async function exportRequestTypeToFile( + typeId: string, + typeName: string, + file: string, + includeMeta: boolean = true, + keepModifiedProperties: boolean = false, + extract: boolean = false, + options: RequestTypeExportOptions = { + onlyCustom: false, + useStringArrays: false, + } +): Promise { + const label = typeName ?? typeId; + const indicatorId = createProgressIndicator( + 'determinate', + 1, + `Exporting ${label}...` + ); + try { + const exportData = typeName + ? 
await exportRequestTypeByName(typeName, options) + : await exportRequestType(typeId, options); + const actualId = Object.keys(exportData.requestType)[0]; + if (!file) { + const name = exportData.requestType[actualId]?.displayName ?? actualId; + file = getTypedFilename(name, 'requestForm'); + } + if (extract) { + extractRequestTypeScriptsToFiles(exportData, actualId); + } + saveJsonToFile( + exportData, + getFilePath(file, true), + includeMeta, + false, + keepModifiedProperties + ); + stopProgressIndicator( + indicatorId, + `Exported request type ${typeName} to file`, + 'success' + ); + return true; + } catch (error) { + stopProgressIndicator( + indicatorId, + `Error exporting request type ${typeName} to file`, + 'fail' + ); + printError(error); + } + return false; +} +/** + * Export all request types to file + * @param {string} file file name + * @param {boolean} includeMeta true to include metadata, false otherwise. Default: true + * @param {boolean} keepModifiedProperties true to keep modified properties, otherwise delete them. 
Default: false + * @param {RequestTypeExportOptions} options export options + * @returns {Promise} true if successful, false otherwise + */ +export async function exportAllRequestTypeToFile( + file: string, + includeMeta: boolean = true, + keepModifiedProperties: boolean = false, + extract: boolean = false, + options: RequestTypeExportOptions = { + onlyCustom: false, + useStringArrays: false, + } +): Promise { + try { + const exportData = await exportRequestTypes(options); + if (!file) { + file = getTypedFilename('allRequestTypes', 'requestType'); + } + if (extract) { + extractRequestTypeScriptsToFiles(exportData); + } + saveJsonToFile( + exportData, + getFilePath(file, true), + includeMeta, + false, + keepModifiedProperties + ); + return true; + } catch (error) { + printError(error, `Error exporting request types to file`); + } + return false; +} +/** + * Export all request types to separate files + * @param {boolean} includeMeta true to include metadata, false otherwise. Default: true + * @param {boolean} keepModifiedProperties true to keep modified properties, otherwise delete them. Default: false + * @param {RequestTypeExportOptions} options export options + * @returns {Promise} true if successful, false otherwise +// */ +export async function exportAllRequestTypesToFiles( + includeMeta: boolean = true, + keepModifiedProperties: boolean = false, + extract: boolean = false, + options: RequestTypeExportOptions = { + onlyCustom: false, + useStringArrays: false, + } +): Promise { + try { + const exportData = await exportRequestTypes(options); + for (const [typeName, requestType] of Object.entries( + exportData.requestType + )) { + if (extract) { + extractRequestTypeScriptsToFiles(exportData, typeName); + } + saveToFile( + 'requestType', + requestType, + 'id', + getFilePath( + getTypedFilename(requestType.displayName ?? 
typeName, 'requestType'), + true + ), + includeMeta, + keepModifiedProperties + ); + } + return true; + } catch (error) { + printError(error, `Error exporting request types to files`); + } + return false; +} +/** + * Import a request type from file + * @param {string} typeName request type name + * @param {string} file import file name + * @param {RequestTypeImportOptions} options import options + * @returns {Promise} true if successful, false otherwise + */ +export async function importRequestTypeFromFile( + typeName: string, + file: string, + options: RequestTypeImportOptions = { + onlyCustom: false, + } +): Promise { + let indicatorId: string; + try { + indicatorId = createProgressIndicator( + 'indeterminate', + 0, + 'Importing request types...' + ); + const requestTypePath = getFilePath(file); + const readRequestType = fs.readFileSync(requestTypePath, 'utf8'); + const importData: RequestTypeExportInterface = JSON.parse(readRequestType); + + updateProgressIndicator(indicatorId, 'Importing request types...'); + await importRequestTypes(importData, undefined, typeName, options); + stopProgressIndicator( + indicatorId, + `Successfully imported request types ${typeName}.`, + 'success' + ); + return true; + } catch (error) { + stopProgressIndicator( + indicatorId, + `Error importing request type ${typeName}`, + 'fail' + ); + printError(error); + } + return false; +} + +/** + * Import request types from file + * @param {String} file file name + * @param {RequestTypeExportInterface} options import options + * @returns {Promise} true if successful, false otherwise + */ +export async function importRequestTypesFromFile( + file: string +): Promise { + let indicatorId: string; + try { + indicatorId = createProgressIndicator( + 'indeterminate', + 0, + 'Importing request types...' 
+ ); + const readRequestTypes = fs.readFileSync(file, 'utf8'); + const importData: RequestTypeExportInterface = JSON.parse(readRequestTypes); + updateProgressIndicator(indicatorId, 'Importing request types...'); + await importRequestTypes(importData); + stopProgressIndicator( + indicatorId, + `Successfully imported request types.`, + 'success' + ); + return true; + } catch (error) { + stopProgressIndicator( + indicatorId, + `Error importing request types.`, + 'fail' + ); + printError(error, `Error importing request types from file`); + } + return false; +} + +/** + * Import all request types from separate files + * @param {RequestTypeExportInterface} options import options + * @returns {Promise} true if successful, false otherwise + */ +export async function importRequestTypesFromFiles(): Promise { + let indicatorId: string; + const errors: Error[] = []; + try { + const names = fs.readdirSync(getWorkingDirectory()); + const requestTypesFiles = names.filter((name) => + name.toLowerCase().endsWith('.requestType.json') + ); + indicatorId = createProgressIndicator( + 'determinate', + requestTypesFiles.length, + 'Importing request types...' 
+ ); + for (const file of requestTypesFiles) { + try { + updateProgressIndicator( + indicatorId, + `Importing request type from file ${file}...` + ); + const readFile = fs.readFileSync(file, 'utf8'); + const importData: RequestTypeExportInterface = JSON.parse(readFile); + await importRequestTypes(importData, undefined); + } catch (error) { + errors.push( + new FrodoError(`Error importing request type from ${file}`, error) + ); + } + } + if (errors.length > 0) { + throw new FrodoError(`One or more errors importing request type`, errors); + } + stopProgressIndicator( + indicatorId, + `Successfully imported request type.`, + 'success' + ); + return true; + } catch (error) { + stopProgressIndicator( + indicatorId, + `Error(s) importing request type.`, + 'fail' + ); + printError(error, `Error importing request type from files`); + } + return false; +} + +/** + * Import first request type from file + * @param {string} file import file name + * @param {RequestTypeImportOptions} options import options + * @returns {Promise} true if successful, false otherwise + */ +export async function importFirstRequestTypeFromFile( + file: string, + options: RequestTypeImportOptions = { + onlyCustom: false, + } +): Promise { + let indicatorId: string; + try { + indicatorId = createProgressIndicator( + 'indeterminate', + 0, + 'Importing request types...' 
+ );
+ const readRequestType = fs.readFileSync(getFilePath(file), 'utf8');
+ const importData: RequestTypeExportInterface = JSON.parse(readRequestType);
+ const TypeId = Object.keys(importData.requestType);
+ if (TypeId.length === 0)
+ throw new FrodoError(`No request type found in import data`);
+ await importRequestTypes(importData, TypeId[0], undefined, options);
+ stopProgressIndicator(
+ indicatorId,
+ `Imported request type from ${file}`,
+ 'success'
+ );
+ return true;
+ } catch (error) {
+ stopProgressIndicator(
+ indicatorId,
+ `Error importing request type from ${file}`,
+ 'fail'
+ );
+ printError(error);
+ }
+ return false;
+}
+
+/**
+ * Delete request type.
+ * @param {string} typeName request type name
+
+ * @returns {Promise} true if successful, false otherwise
+ */
+export async function deleteRequestType(typeName: string): Promise {
+ const spinnerId = createProgressIndicator(
+ 'indeterminate',
+ undefined,
+ `Deleting request type ${typeName}...`
+ );
+ try {
+ await deleteRequestTypeByName(typeName);
+
+ stopProgressIndicator(
+ spinnerId,
+ `Deleted request type ${typeName}.`,
+ 'success'
+ );
+ return true;
+ } catch (error) {
+ stopProgressIndicator(spinnerId, `Error: ${error.message}`, 'fail');
+ printError(error);
+ }
+ return false;
+}
+
+/**
+ * Delete request types.
+ * @returns {Promise} true if successful, false otherwise
+ */
+export async function deleteAllRequestTypes(): Promise {
+ const spinnerId = createProgressIndicator(
+ 'indeterminate',
+ undefined,
+ `Deleting request types...`
+ );
+ try {
+ await deleteRequestTypes();
+ stopProgressIndicator(spinnerId, `Deleted request types.`, 'success');
+ return true;
+ } catch (error) {
+ stopProgressIndicator(spinnerId, `Error: ${error.message}`, 'fail');
+ printError(error);
+ }
+ return false;
+}
+
+/**
+ * Extracts scripts from a request type export into separate files.
+ * @param {RequestTypeExportInterface} exportData The request form export
+ * @param {string} typeName The request form id to extract scripts from. If undefined, will extract scripts from all request types.
+ * @param {string} directory The directory within the base directory to save the script files
+ * @returns {boolean} true if successful, false otherwise
+ */
+export function extractRequestTypeScriptsToFiles(
+ exportData: RequestTypeExportInterface,
+ typeName?: string,
+ directory?: string
+): boolean {
+ try {
+ const types = typeName
+ ? [exportData.requestType[typeName]]
+ : Object.values(exportData.requestType);
+ for (const type of types) {
+ if (!type) continue;
+ const typeDirectory = `${directory ? directory + '/' : ''}${type.displayName}`;
+ // validation script
+ const validation = type.validation;
+ if (validation?.source) {
+ const sourceText = Array.isArray(validation.source)
+ ? validation.source.join('\n')
+ : validation.source;
+ const sourceFileName = getTypedFilename(
+ 'validation',
+ 'requestType',
+ 'js'
+ );
+ validation.source = extractDataToFile(
+ sourceText,
+ `${typeDirectory}/${sourceFileName}`
+ );
+ }
+ }
+ return true;
+ } catch (error) {
+ printError(error);
+ }
+ return false;
+}
diff --git a/src/ops/cloud/iga/IgaWorkflowOps.ts b/src/ops/cloud/iga/IgaWorkflowOps.ts
index 37cbc5ad6..f1e1c44e9 100644
--- a/src/ops/cloud/iga/IgaWorkflowOps.ts
+++ b/src/ops/cloud/iga/IgaWorkflowOps.ts
@@ -246,7 +246,13 @@ export async function exportWorkflowToFile(
 indicatorId,
 `Saving ${workflowId} to ${filePath}...`
 );
- saveJsonToFile(exportData, filePath, includeMeta, false, keepModifiedProperties);
+ saveJsonToFile(
+ exportData,
+ filePath,
+ includeMeta,
+ false,
+ keepModifiedProperties
+ );
 stopProgressIndicator(
 indicatorId,
 `Exported workflow ${workflowId} to file`,
@@ -288,7 +294,13 @@ export async function exportWorkflowsToFile(
 if (!file) {
 file = getTypedFilename(`allWorkflows`, 'workflow');
 }
- saveJsonToFile(exportData, getFilePath(file, true), includeMeta, false, keepModifiedProperties);
+ saveJsonToFile(
+ exportData,
+ getFilePath(file, true),
+ includeMeta,
+ false,
+ keepModifiedProperties
+ );
 return true;
 } catch (error) {
 printError(error, `Error exporting workflows to file`);
diff --git a/test/client_cli/en/__snapshots__/iga.test.js.snap b/test/client_cli/en/__snapshots__/iga.test.js.snap
index fd0b93817..0a033317d 100644
--- a/test/client_cli/en/__snapshots__/iga.test.js.snap
+++ b/test/client_cli/en/__snapshots__/iga.test.js.snap
@@ -13,6 +13,7 @@ Options: Commands: help display help for command + request-type Manage request types. workflow Manage workflows. " `;
diff --git a/test/e2e/__snapshots__/config-export.e2e.test.js.snap b/test/e2e/__snapshots__/config-export.e2e.test.js.snap
index 53fe19650..2dc74b13d 100644
--- a/test/e2e/__snapshots__/config-export.e2e.test.js.snap
+++ b/test/e2e/__snapshots__/config-export.e2e.test.js.snap
@@ -8,37 +8,147108 @@ exports[`frodo config export "frodo config export --all --modified-properties -- exports[`frodo config export "frodo config export --all --modified-properties --read-only --file testExportAll2.json --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything to a single file named testExportAll2.json with no decoding variables, no journey coordinates, and using string arrays 2`] = `""`; +exports[`frodo config export "frodo config export --all --modified-properties --read-only --file testExportAll2.json --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything to a single file named testExportAll2.json with no decoding variables, no journey coordinates, and using string arrays: testExportAll2.json 1`] = ` +{ + "global": { + "agent": { + "AgentService": { + "_id": "AgentService", + "_type": { + "_id": "AgentService", + "collection": false, + "name": "AgentService", + }, + }, + }, + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "authenticators": [ + "com.sun.identity.authentication.modules.ad.AD", + "org.forgerock.openam.authentication.modules.saml2.SAML2", + "org.forgerock.openam.authentication.modules.social.SocialAuthInstagram", + "org.forgerock.openam.authentication.modules.oath.OATH", + "org.forgerock.openam.authentication.modules.social.SocialAuthVK", + "com.sun.identity.authentication.modules.membership.Membership", + "com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO", + "org.forgerock.openam.authentication.modules.deviceprint.DeviceIdSave", + "com.sun.identity.authentication.modules.federation.Federation", + "org.forgerock.openam.authentication.modules.deviceprint.DeviceIdMatch", + "com.sun.identity.authentication.modules.jdbc.JDBC", + "com.sun.identity.authentication.modules.radius.RADIUS", + 
"com.sun.identity.authentication.modules.anonymous.Anonymous", + "com.sun.identity.authentication.modules.cert.Cert", + "org.forgerock.openam.authentication.modules.push.registration.AuthenticatorPushRegistration", + "com.sun.identity.authentication.modules.httpbasic.HTTPBasic", + "org.forgerock.openam.authentication.modules.oidc.OpenIdConnect", + "com.sun.identity.authentication.modules.sae.SAE", + "org.forgerock.openam.authentication.modules.social.SocialAuthWeChat", + "org.forgerock.openam.authentication.modules.persistentcookie.PersistentCookie", + "org.forgerock.openam.authentication.modules.social.SocialAuthTwitter", + "com.sun.identity.authentication.modules.ldap.LDAP", + "org.forgerock.openam.authentication.modules.push.AuthenticatorPush", + "org.forgerock.openam.authentication.modules.oauth2.OAuth", + "com.sun.identity.authentication.modules.nt.NT", + "org.forgerock.openam.authentication.modules.social.SocialAuthWeChatMobile", + "org.forgerock.openam.authentication.modules.jwtpop.JwtProofOfPossession", + "com.sun.identity.authentication.modules.application.Application", + "org.forgerock.openam.authentication.modules.scripted.Scripted", + "org.forgerock.openam.authentication.modules.social.SocialAuthOAuth2", + "com.sun.identity.authentication.modules.hotp.HOTP", + "org.forgerock.openam.authentication.modules.adaptive.Adaptive", + "org.forgerock.openam.authentication.modules.accountactivecheck.AccountActiveCheck", + "org.forgerock.openam.authentication.modules.social.SocialAuthOpenID", + "com.sun.identity.authentication.modules.msisdn.MSISDN", + "org.forgerock.openam.authentication.modules.fr.oath.AuthenticatorOATH", + "com.sun.identity.authentication.modules.datastore.DataStore", + "com.sun.identity.authentication.modules.securid.SecurID", + "org.forgerock.openam.authentication.modules.amster.Amster", + ], + "defaults": { + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + 
"loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "[Empty]", + "orgConfig": "[Empty]", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "keepPostProcessInstances": false, + "ldapConnectionPoolDefaultSize": "1:10", + "ldapConnectionPoolSize": [], + "remoteAuthSecurityEnabled": false, + }, + "authenticationChains": { + "EMPTY": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Authentication Configuration", + }, + "dynamic": { + "authChainConfiguration": "[Empty]", + }, + }, + }, + "authenticationModules": { + "accountactivecheck": { + "_id": "accountactivecheck", + "_type": { + "_id": "accountactivecheck", + "collection": false, + "name": "Account Active Check", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + "activedirectory": { + "_id": "activedirectory", + "_type": { + "_id": "activedirectory", + 
"collection": false, + "name": "Active Directory", + }, + "defaults": { + "authenticationLevel": 0, + "connectionHeartbeatInterval": 1, + "connectionHeartbeatTimeUnit": "MINUTES", + "openam-auth-ldap-connection-mode": "LDAP", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + }, + }, + "adaptiverisk": { + "_id": "adaptiverisk", + "_type": { + "_id": "adaptiverisk", + "collection": false, + "name": "Adaptive Risk ", + }, + "defaults": { + "attributecheck": { + "invertProfileRiskAttributeScore": false, + "profileRiskAttributeCheckEnabled": false, + "profileRiskAttributeScore": 1, + }, + "authfailed": { + "failedAuthenticationCheckEnabled": false, + "failureScore": 1, + "invertFailureScore": false, + }, + "devicecookie": { + "deviceCookieCheckEnabled": false, + "deviceCookieName": "Device", + "deviceCookieScore": 1, + "invertDeviceCookieScore": false, + "saveDeviceCookieValueOnSuccessfulLogin": false, + }, + "general": { + "authenticationLevel": 0, + "riskThreshold": 1, + }, + "geolocation": { + "geolocationCheckEnabled": false, + "geolocationScore": 1, + "invertGeolocationScore": false, + }, + "iphistory": { + "invertIPHistoryScore": false, + "ipHistoryCheckEnabled": false, + "ipHistoryCount": 5, + "ipHistoryProfileAttribute": "iphistory", + "ipHistoryScore": 1, + "saveSuccessfulIP": false, + }, + "iprange": { + "invertIPRangeScoreEnabled": false, + "ipRange": [ + "10.0.0.0/24", + ], + "ipRangeCheckEnabled": false, + "ipRangeScore": 1, + }, + "knowncookie": { + "createKnownCookieOnSuccessfulLogin": false, + "invertKnownCookieScore": false, + 
"knownCookieCheckEnabled": false, + "knownCookieScore": 1, + }, + "lastlogin": { + "invertTimeSinceLastLoginScore": false, + "saveLastLoginTimeOnSuccessfulLogin": false, + "timeSinceLastLoginCheckEnabled": false, + "timeSinceLastLoginScore": 1, + }, + "requestheader": { + "invertRequestHeaderScore": false, + "requestHeaderCheckEnabled": false, + "requestHeaderScore": 1, + }, + }, + }, + "amster": { + "_id": "amster", + "_type": { + "_id": "amster", + "collection": false, + "name": "ForgeRock Amster", + }, + "defaults": { + "authenticationLevel": 0, + "authorizedKeys": "/root/am/security/keys/amster/authorized_keys", + "enabled": true, + }, + }, + "anonymous": { + "_id": "anonymous", + "_type": { + "_id": "anonymous", + "collection": false, + "name": "Anonymous", + }, + "defaults": { + "authenticationLevel": 0, + "caseSensitiveUsernameMatchingEnabled": false, + "defaultAnonymousUsername": "anonymous", + "validAnonymousUsers": [], + }, + }, + "authJwtPoP": { + "_id": "authJwtPoP", + "_type": { + "_id": "authJwtPoP", + "collection": false, + "name": "JWT Proof of Possession (PoP)", + }, + "defaults": { + "authenticationLevel": 0, + "enableTlsSessionBinding": true, + "responseEncryptionCipher": "A128GCM", + "responseEncryptionMethod": "ECDHE", + }, + }, + "authPush": { + "_id": "authPush", + "_type": { + "_id": "authPush", + "collection": false, + "name": "ForgeRock Authenticator (Push)", + }, + "defaults": { + "authenticationLevel": 0, + "pushMessage": "Login attempt from {{user}} at {{issuer}}", + "timeoutInMilliSecconds": 120000, + }, + }, + "authPushReg": { + "_id": "authPushReg", + "_type": { + "_id": "authPushReg", + "collection": false, + "name": "ForgeRock Authenticator (Push) Registration", + }, + "defaults": { + "appleLink": "https://itunes.apple.com/app/forgerock-authenticator/id1038442926", + "authenticationLevel": 0, + "bgcolour": "#519387", + "googleLink": "https://play.google.com/store/apps/details?id=com.forgerock.authenticator", + "issuer": 
"ForgeRock", + "timeoutInMilliSecconds": 120000, + }, + }, + "authSaml": { + "_id": "authSaml", + "_type": { + "_id": "authSaml", + "collection": false, + "name": "SAML2", + }, + "defaults": { + "allowCreate": "true", + "authComparison": "exact", + "authenticationLevel": 0, + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", + "entityName": "http://", + "forceAuthn": "false", + "isPassive": "false", + "metaAlias": "/sp", + "nameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "reqBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "sloEnabled": "false", + "sloRelay": "http://", + }, + }, + "authSocialInstagram": { + "_id": "authSocialInstagram", + "_type": { + "_id": "authSocialInstagram", + "collection": false, + "name": "Social Auth Instagram", + }, + "defaults": { + "accountProvisioning": { + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|instagram-", + "accountMapperConfiguration": [ + "id=uid", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "id=uid", + "full_name=sn", + "username=cn", + "username=givenName", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|instagram-", + ], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "authorizeEndpoint": "https://api.instagram.com/oauth/authorize", + "logoutBehaviour": "prompt", + "logoutServiceUrl": "https://instagram.com/accounts/logout", + "provider": "Instagram", + "scope": [ + "basic", + ], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "subjectProperty": "id", + "tokenEndpoint": "https://api.instagram.com/oauth/access_token", + "userInfoEndpoint": 
"https://api.instagram.com/v1/users/self", + "usesBasicAuth": false, + }, + }, + }, + "authSocialOAuth2": { + "_id": "authSocialOAuth2", + "_type": { + "_id": "authSocialOAuth2", + "collection": false, + "name": "Social Auth OAuth2", + }, + "defaults": { + "accountProvisioning": { + "accountMapperConfiguration": [], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [], + "attributeMappingClasses": [], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "promptPasswordFlag": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "logoutBehaviour": "prompt", + "mixUpMitigation": false, + "scope": [], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "usesBasicAuth": true, + }, + "emailSettings": { + "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "smtpHost": "localhost", + "smtpPort": "25", + }, + }, + }, + "authSocialOpenID": { + "_id": "authSocialOpenID", + "_type": { + "_id": "authSocialOpenID", + "collection": false, + "name": "Social Auth OpenID", + }, + "defaults": { + "accountProvisioning": { + "accountMapperConfiguration": [], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [], + "attributeMappingClasses": [], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "promptPasswordFlag": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "logoutBehaviour": "prompt", + "mixUpMitigation": false, + "scope": [ + "openid", + ], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "usesBasicAuth": true, + }, + "emailSettings": { + "emailGateway": 
"org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "smtpHost": "localhost", + "smtpPort": "25", + }, + }, + }, + "authSocialTwitter": { + "_id": "authSocialTwitter", + "_type": { + "_id": "authSocialTwitter", + "collection": false, + "name": "Social Auth Twitter", + }, + "defaults": { + "accountProvisioning": { + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|twitter-", + "accountMapperConfiguration": [ + "id_str=uid", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "full_name=sn", + "username=cn", + "id_str=uid", + "username=givenName", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|twitter-", + ], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "authorizeEndpoint": "https://api.twitter.com/oauth/authenticate", + "provider": "Twitter", + "requestTokenEndpoint": "https://api.twitter.com/oauth/request_token", + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "subjectProperty": "id_str", + "tokenEndpoint": "https://api.twitter.com/oauth/access_token", + "userInfoEndpoint": "https://api.twitter.com/1.1/account/verify_credentials.json", + "usesBasicAuth": false, + }, + }, + }, + "authSocialVk": { + "_id": "authSocialVk", + "_type": { + "_id": "authSocialVk", + "collection": false, + "name": "Social Auth VKontakte", + }, + "defaults": { + "accountProvisioning": { + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|vkontakte-", + "accountMapperConfiguration": [ + "id=uid", + ], + "accountProviderClass": 
"org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "first_name=givenName", + "first_name=cn", + "id=uid", + "last_name=sn", + "email=mail", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|vkontakte-", + ], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "promptPasswordFlag": false, + "saveAttributesInSession": true, + }, + "core": { + "apiVersion": "5.73", + "authorizeEndpoint": "https://oauth.vk.com/authorize", + "forgerock-am-auth-socialauthvk-auth-level": 0, + "provider": "VKontakte", + "scope": [ + "email", + ], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "subjectProperty": "id", + "tokenEndpoint": "https://oauth.vk.com/access_token", + "userInfoEndpoint": "https://api.vk.com/method/users.get", + }, + "emailSettings": { + "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "smtpHost": "localhost", + "smtpPort": "25", + }, + }, + }, + "authSocialWeChat": { + "_id": "authSocialWeChat", + "_type": { + "_id": "authSocialWeChat", + "collection": false, + "name": "Social Auth WeChat", + }, + "defaults": { + "accountProvisioning": { + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|wechat-", + "accountMapperConfiguration": [ + "openid=uid", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "nickname=givenName", + "openid=uid", + "nickname=cn", + "nickname=sn", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|wechat-", + ], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": 
false, + "promptPasswordFlag": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "authorizeEndpoint": "https://open.weixin.qq.com/connect/qrconnect", + "provider": "WeChat", + "scope": [ + "snsapi_login", + ], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "subjectProperty": "openid", + "tokenEndpoint": "https://api.wechat.com/sns/oauth2/access_token", + "userInfoEndpoint": "https://api.wechat.com/sns/userinfo", + "usesBasicAuth": false, + }, + "emailSettings": { + "emailGateway": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "smtpHost": "localhost", + "smtpPort": "25", + }, + }, + }, + "authSocialWeChatMobile": { + "_id": "authSocialWeChatMobile", + "_type": { + "_id": "authSocialWeChatMobile", + "collection": false, + "name": "Social Auth WeChat Mobile", + }, + "defaults": { + "accountProvisioning": { + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|wechat-", + "accountMapperConfiguration": [ + "openid=uid", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "nickname=givenName", + "openid=uid", + "nickname=cn", + "nickname=sn", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|uid|wechat-", + ], + "createAccount": true, + "enableRegistrationService": false, + "mapToAnonymousUser": false, + "promptPasswordFlag": false, + "saveAttributesInSession": true, + }, + "core": { + "authenticationLevel": 0, + "provider": "WeChat", + "scope": [ + "snsapi_userinfo", + ], + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "subjectProperty": "openid", + "userInfoEndpoint": "https://api.wechat.com/sns/userinfo", + }, + "emailSettings": { + "emailGateway": 
"org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "smtpHost": "localhost", + "smtpPort": "25", + }, + }, + }, + "authenticatoroath": { + "_id": "authenticatoroath", + "_type": { + "_id": "authenticatoroath", + "collection": false, + "name": "ForgeRock Authenticator (OATH)", + }, + "defaults": { + "addChecksumToOtpEnabled": "False", + "authenticationLevel": 0, + "frOathOtpMaxRetry": 3, + "hotpWindowSize": 100, + "minimumSecretKeyLength": 32, + "oathAlgorithm": "HOTP", + "passwordLength": "6", + "totpMaximumClockDrift": 5, + "totpTimeStepInterval": 30, + "totpTimeStepsInWindow": 2, + "truncationOffset": -1, + }, + }, + "certificate": { + "_id": "certificate", + "_type": { + "_id": "certificate", + "collection": false, + "name": "Certificate", + }, + "defaults": { + "authenticationLevel": 0, + "cacheCRLsInMemory": true, + "certificateAttributeProfileMappingExtension": "none", + "certificateAttributeToProfileMapping": "subject CN", + "certificateLdapServers": [ + "localhost:50636", + ], + "crlMatchingCertificateAttribute": "CN", + "iplanet-am-auth-cert-gw-cert-preferred": false, + "ldapCertificateAttribute": "CN", + "ldapSearchStartDN": [], + "matchCACertificateToCRL": false, + "matchCertificateInLdap": false, + "matchCertificateToCRL": false, + "ocspValidationEnabled": false, + "sslEnabled": false, + "trustedRemoteHosts": [ + "none", + ], + "updateCRLsFromDistributionPoint": true, + "userBindDN": "cn=Directory Manager", + }, + }, + "datastore": { + "_id": "datastore", + "_type": { + "_id": "datastore", + "collection": false, + "name": "Data Store", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + "deviceidmatch": { + "_id": "deviceidmatch", + "_type": { + "_id": "deviceidmatch", + "collection": false, + "name": "Device Id (Match)", + }, + "defaults": { + "authenticationLevel": 0, + "clientScript": "157298c0-7d31-4059-a95b-eeb08473b7e5", + "clientScriptEnabled": true, + "serverScript": "703dab1a-1921-4981-98dd-b8e5349d8548", + 
}, + }, + "deviceidsave": { + "_id": "deviceidsave", + "_type": { + "_id": "deviceidsave", + "collection": false, + "name": "Device Id (Save)", + }, + "defaults": { + "authenticationLevel": 0, + "autoStoreProfiles": false, + "maxProfilesAllowed": 5, + }, + }, + "federation": { + "_id": "federation", + "_type": { + "_id": "federation", + "collection": false, + "name": "Federation", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + "hotp": { + "_id": "hotp", + "_type": { + "_id": "hotp", + "collection": false, + "name": "HOTP", + }, + "defaults": { + "authenticationLevel": 0, + "autoSendOTP": false, + "otpDeliveryMethod": "SMS and E-mail", + "otpLength": "8", + "otpMaxRetry": 3, + "otpValidityDuration": 5, + "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "smtpFromAddress": "no-reply@openam.org", + "smtpHostPort": 465, + "smtpHostname": "smtp.gmail.com", + "smtpSslEnabled": "SSL", + "smtpUserPassword": null, + "smtpUsername": "opensso.sun", + "userProfileEmailAttribute": "mail", + "userProfileTelephoneAttribute": "telephoneNumber", + }, + }, + "httpbasic": { + "_id": "httpbasic", + "_type": { + "_id": "httpbasic", + "collection": false, + "name": "HTTP Basic", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + "jdbc": { + "_id": "jdbc", + "_type": { + "_id": "jdbc", + "collection": false, + "name": "JDBC", + }, + "defaults": { + "authenticationLevel": 0, + "connectionPoolJndiName": "java:comp/env/jdbc/samplePool", + "connectionType": "JNDI", + "jdbcDriver": "com.mysql.jdbc.Driver", + "jdbcUrl": "jdbc:mysql://127.0.0.1:3306/test", + "password": null, + "passwordColumn": "PASSWORD_COLUMN", + "passwordStatement": "select PASSWORD_COLUMN from TABLE where USERNAME_COLUMN = ?", + "passwordTransformClass": "com.sun.identity.authentication.modules.jdbc.ClearTextTransform", + "username": "root", + }, + }, + "ldap": { + "_id": "ldap", + "_type": { + "_id": "ldap", + "collection": false, + "name": "LDAP", + }, + 
"defaults": { + "authenticationLevel": 0, + "beheraPasswordPolicySupportEnabled": true, + "connectionHeartbeatInterval": 10, + "connectionHeartbeatTimeUnit": "SECONDS", + "minimumPasswordLength": "8", + "openam-auth-ldap-connection-mode": "LDAP", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + }, + }, + "membership": { + "_id": "membership", + "_type": { + "_id": "membership", + "collection": false, + "name": "Membership", + }, + "defaults": { + "authenticationLevel": 0, + "defaultUserRoles": [], + "defaultUserStatus": "Active", + "minimumPasswordLength": 8, + }, + }, + "msisdn": { + "_id": "msisdn", + "_type": { + "_id": "msisdn", + "collection": false, + "name": "MSISDN", + }, + "defaults": { + "authenticationLevel": 0, + "baseSearchDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + "ldapProviderUrl": [ + "localhost:50636", + ], + "ldapSslEnabled": false, + "ldapUserBindDN": "cn=Directory Manager", + "msisdnParameterNames": [], + "msisdnRequestSearchLocations": [ + "searchRequest", + "searchParam", + "searchCookie", + ], + "msisdnUserNamingAttribute": "uid", + "returnUserDN": true, + "trustedGatewayIPAddresses": [], + "userProfileMsisdnAttribute": "sunIdentityMSISDNNumber", + }, + }, + "oath": { + "_id": "oath", + "_type": { + "_id": "oath", + "collection": false, + "name": "OATH", + }, + "defaults": { + "addChecksum": "False", + "authenticationLevel": 0, + "forgerock-oath-maximum-clock-drift": 0, + "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", + 
"hotpWindowSize": 100, + "minimumSecretKeyLength": "32", + "oathAlgorithm": "HOTP", + "oathOtpMaxRetry": 3, + "passwordLength": "6", + "stepsInWindow": 2, + "timeStepSize": 30, + "truncationOffset": -1, + }, + }, + "oauth2": { + "_id": "oauth2", + "_type": { + "_id": "oauth2", + "collection": false, + "name": "Legacy OAuth 2.0 / OpenID Connect", + }, + "defaults": { + "accessTokenEndpointUrl": "https://graph.facebook.com/oauth/access_token", + "accessTokenParameterName": "access_token", + "accountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper", + "accountMapperConfiguration": [ + "id=facebook-id", + "email=mail", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "anonymousUserName": "anonymous", + "attributeMapperConfiguration": [ + "first_name=givenname", + "id=facebook-id", + "email=facebook-email", + "last_name=facebook-lname", + "first_name=facebook-fname", + "name=cn", + "email=mail", + "last_name=sn", + ], + "attributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper", + ], + "authenticationEndpointUrl": "https://www.facebook.com/dialog/oauth", + "authenticationLevel": 0, + "createAccount": true, + "logoutBehaviour": "prompt", + "mailGatewayClass": "org.forgerock.openam.authentication.modules.oauth2.DefaultEmailGatewayImpl", + "mapToAnonymousUser": false, + "mixUpMitigation": false, + "promptForPassword": true, + "saveAttributesInSession": true, + "scope": "email,read_stream", + "smtpFromAddress": "info@forgerock.com", + "smtpHostName": "localhost", + "smtpHostPort": "25", + "ssoProxyUrl": "http://localhost:8080/am/oauth2c/OAuthProxy.jsp", + "userProfileServiceUrl": "https://graph.facebook.com/me", + }, + }, + "openidconnect": { + "_id": "openidconnect", + "_type": { + "_id": "openidconnect", + "collection": false, + "name": "OpenID Connect id_token bearer", + }, + "defaults": { + 
"acceptedAuthorizedParties": [ + "http://www.example.com/authorized/party", + "AuthorizedPartyExample", + ], + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "audienceName": "example", + "cryptoContextType": ".well-known/openid-configuration_url", + "cryptoContextValue": "https://accounts.google.com/.well-known/openid-configuration", + "idTokenHeaderName": "oidc_id_token", + "idTokenIssuer": "accounts.google.com", + "jwtToLdapAttributeMappings": [ + "sub=uid", + "email=mail", + ], + "principalMapperClass": "org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper", + "useSubClaimIfNoMatch": false, + }, + }, + "persistentcookie": { + "_id": "persistentcookie", + "_type": { + "_id": "persistentcookie", + "collection": false, + "name": "Persistent Cookie", + }, + "defaults": { + "cookieName": "session-jwt", + "enforceClientIP": false, + "idleTimeout": 5, + "maxLife": 5, + "useHttpOnlyCookie": true, + "useSecureCookie": true, + }, + }, + "radius": { + "_id": "radius", + "_type": { + "_id": "radius", + "collection": false, + "name": "RADIUS", + }, + "defaults": { + "authenticationLevel": 0, + "healthCheckInterval": 5, + "primaryRadiusServers": [ + "127.0.0.1", + ], + "secondaryRadiusServers": [ + "127.0.0.1", + ], + "serverPortNumber": 1645, + "serverTimeout": 3, + "stopRadiusbindAfterInmemoryLockedEnabled": false, + }, + }, + "sae": { + "_id": "sae", + "_type": { + "_id": "sae", + "collection": false, + "name": "SAE", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + "scripted": { + "_id": "scripted", + "_type": { + "_id": "scripted", + "collection": false, + "name": "Scripted Module", + }, + "defaults": { + "authenticationLevel": 1, + "clientScript": "[Empty]", + "clientScriptEnabled": true, + "serverScript": "7e3d7067-d50f-4674-8c76-a3e13a810c33", + }, + }, + "securid": { + "_id": "securid", + "_type": { + "_id": "securid", + "collection": false, + "name": "SecurID", + }, + 
"defaults": { + "authenticationLevel": 0, + "serverConfigPath": "/root/am/config/auth/ace/data", + }, + }, + "windowsdesktopsso": { + "_id": "windowsdesktopsso", + "_type": { + "_id": "windowsdesktopsso", + "collection": false, + "name": "Windows Desktop SSO", + }, + "defaults": { + "authenticationLevel": 0, + "kerberosServiceIsinitiator": true, + "lookupUserInRealm": false, + "returnPrincipalWithDomainName": false, + "trustedKerberosRealms": [], + }, + }, + "windowsnt": { + "_id": "windowsnt", + "_type": { + "_id": "windowsnt", + "collection": false, + "name": "Windows NT", + }, + "defaults": { + "authenticationLevel": 0, + }, + }, + }, + "authenticationTreesConfiguration": { + "EMPTY": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Authentication Trees Configuration", + }, + }, + }, + "nodeTypes": { + "8ab9f1aad4b4460a9c45d15fb148e221-1": { + "_id": "8ab9f1aad4b4460a9c45d15fb148e221-1", + "description": "Debug node that displays the shared and transient state of the journey for debugging purposes.", + "displayName": "Display State", + "errorOutcome": false, + "inputs": [], + "outcomes": [ + "outcome", + ], + "outputs": [], + "properties": { + "displayFormat": { + "defaultValue": "TABLE", + "description": "The format in which to display the states.", + "multivalued": false, + "options": { + "JSON": "Raw JSON", + "TABLE": "HTML Table", + }, + "required": true, + "title": "Display Format", + "type": "STRING", + }, + }, + "script": [ + "var SCRIPT_OUTCOMES = {", + " OUTCOME: "outcome"", + "};", + "", + "function main() {", + " if (!callbacks.isEmpty()) {", + " action.goTo(SCRIPT_OUTCOMES.OUTCOME);", + " return;", + " }", + " var keySet = nodeState.keys(); // Java Set", + " var keys = Array.from(keySet); // Make it into JavaScript array", + " debugState = {};", + " for (var i in keys) {", + " var k = new String(keys[i]);", + " var item = nodeState.get(k);", + " if (typeof item === "object") {", + " debugState[k] = 
nodeState.getObject(k);", + " } else {", + " debugState[k] = nodeState.get(k);", + " }", + " }", + " if (properties.displayFormat === "JSON") {", + " callbacksBuilder.textOutputCallback(0, \`
\${JSON.stringify(debugState, null, 2)}
\`);", + " return;", + " }", + " callbacksBuilder.textOutputCallback(0, \`\${Array.from(Object.keys(debugState).map(k => \`\`))}
KeyValue
\${k}
\${debugState[k]}
\`);", + "}", + "", + "main();", + "", + ], + "serviceName": "8ab9f1aad4b4460a9c45d15fb148e221", + "tags": [ + "debug", + "testing", + ], + }, + "c15e2efb3deb4d4ea338c74a6440b69f-1": { + "_id": "c15e2efb3deb4d4ea338c74a6440b69f-1", + "description": "Simple ALU that performs basic binary vector math operations. Outputs the result onto the shared state with key "c".", + "displayName": "Vector ALU", + "errorOutcome": true, + "inputs": [], + "outcomes": [ + "Success", + ], + "outputs": [ + "c", + ], + "properties": { + "a": { + "defaultValue": [ + 1, + 2, + 3, + ], + "description": "Left vector operand", + "multivalued": true, + "required": true, + "title": "A", + "type": "NUMBER", + }, + "b": { + "defaultValue": [ + 4, + 5, + 6, + ], + "description": "Right vector operand", + "multivalued": true, + "required": true, + "title": "B", + "type": "NUMBER", + }, + "operator": { + "defaultValue": "DOT", + "description": "The binary operation to perform on the vectors.", + "multivalued": false, + "options": { + "ADD": "+", + "CROSS": "X", + "DOT": ".", + "SUBTRACT": "-", + }, + "required": true, + "title": "Operator", + "type": "STRING", + }, + }, + "script": [ + "var SCRIPT_OUTCOMES = {", + " SUCCESS: 'Success'", + "};", + "", + "var OPERATORS = {", + " ADD: "ADD",", + " SUBTRACT: "SUBTRACT",", + " DOT: "DOT",", + " CROSS: "CROSS"", + "}", + "", + "function add(a, b) {", + " return a.map((v, i) => v + b[i]);", + "}", + "", + "function subtract(a, b) {", + " return a.map((v, i) => v - b[i]);", + "}", + "", + "function dot(a, b) {", + " return a.reduce((sum, v, i) => sum + v * b[i], 0);", + "}", + "", + "function cross(a, b) {", + " return [", + " a[1] * b[2] - a[2] * b[1],", + " a[2] * b[0] - a[0] * b[2],", + " a[0] * b[1] - a[1] * b[0]", + " ];", + "}", + "", + "function main() {", + " if (properties.a.length !== properties.b.length) throw new Error("Vectors not the same dimension.");", + " switch (properties.operator) {", + " case OPERATORS.ADD:", + " 
nodeState.putShared("c", add(properties.a, properties.b));", + " break;", + " case OPERATORS.SUBTRACT:", + " nodeState.putShared("c", subtract(properties.a, properties.b));", + " break;", + " case OPERATORS.DOT:", + " nodeState.putShared("c", dot(properties.a, properties.b));", + " break;", + " case OPERATORS.CROSS:", + " if (properties.a.length !== 3) throw new Error("Vectors not dimension 3 for cross product");", + " nodeState.putShared("c", cross(properties.a, properties.b));", + " break;", + " default: throw new Error("Unknown operator.");", + " }", + " action.goTo(SCRIPT_OUTCOMES.SUCCESS);", + "}", + "", + "main();", + "", + ], + "serviceName": "c15e2efb3deb4d4ea338c74a6440b69f", + "tags": [ + "math", + "vector", + "utilities", + ], + }, + "c605506774a848f7877b4d17a453bd39-1": { + "_id": "c605506774a848f7877b4d17a453bd39-1", + "description": "Checks if the user has a current session.", + "displayName": "Has Session", + "errorOutcome": false, + "inputs": [], + "outcomes": [ + "True", + "False", + ], + "outputs": [], + "properties": {}, + "script": [ + "var SCRIPT_OUTCOMES = {", + " TRUE: 'True',", + " FALSE: 'False'", + "}", + "", + "function main() {", + " action.goTo(typeof existingSession === "undefined" ? SCRIPT_OUTCOMES.FALSE : SCRIPT_OUTCOMES.TRUE);", + "}", + "", + "main();", + "", + ], + "serviceName": "c605506774a848f7877b4d17a453bd39", + "tags": [ + "utilities", + ], + }, + "c6063fb2f5dc42dd9772bedc93898bd8-1": { + "_id": "c6063fb2f5dc42dd9772bedc93898bd8-1", + "description": "Simple ALU that performs basic binary math operations. 
Expects an "x" and "y" value on the shared state, and will produce a new "z" value on the shared state as output.", + "displayName": "ALU", + "errorOutcome": true, + "inputs": [ + "x", + "y", + ], + "outcomes": [ + "Success", + ], + "outputs": [ + "z", + ], + "properties": { + "operator": { + "defaultValue": "ADD", + "description": "The operation to perform.", + "multivalued": false, + "options": { + "ADD": "+", + "DIVIDE": "/", + "MULTIPLY": "*", + "SUBTRACT": "-", + }, + "required": true, + "title": "Operator", + "type": "STRING", + }, + }, + "script": [ + "var SCRIPT_OUTCOMES = {", + " SUCCESS: 'Success'", + "};", + "", + "var OPERATORS = {", + " ADD: "ADD",", + " SUBTRACT: "SUBTRACT",", + " MULTIPLY: "MULTIPLY",", + " DIVIDE: "DIVIDE"", + "}", + "", + "function main() {", + " var a = Number(properties.a);", + " var b = Number(properties.b);", + " switch (properties.operator) {", + " case OPERATORS.ADD:", + " nodeState.putShared("z", a + b);", + " break;", + " case OPERATORS.SUBTRACT:", + " nodeState.putShared("z", a - b);", + " break;", + " case OPERATORS.MULTIPLY:", + " nodeState.putShared("z", a * b);", + " break;", + " case OPERATORS.DIVIDE:", + " if (b == 0) throw new Error("Cannot divide by 0");", + " nodeState.putShared("z", a / b);", + " break;", + " default: throw new Error("Unknown operator.");", + " }", + " action.goTo(SCRIPT_OUTCOMES.SUCCESS);", + "}", + "", + "main();", + "", + ], + "serviceName": "c6063fb2f5dc42dd9772bedc93898bd8", + "tags": [ + "math", + "utilities", + ], + }, + "e5ad0110c8ee4dafaae983003cd05d4a-1": { + "_id": "e5ad0110c8ee4dafaae983003cd05d4a-1", + "description": "Generate a signed JWT using the HMAC SHA-256 algorithm.", + "displayName": "Generate JWT", + "errorOutcome": true, + "inputs": [], + "outcomes": [ + "True", + "False", + ], + "outputs": [], + "properties": { + "audience": { + "description": "The audience (aud) claim", + "multivalued": false, + "required": true, + "title": "Audience", + "type": "STRING", + }, + "issuer": 
{ + "description": "The issuer (iss) claim", + "multivalued": false, + "required": true, + "title": "Issuer", + "type": "STRING", + }, + "signingkey": { + "defaultValue": "esv.signing.key", + "description": "The secret label for the HMAC signing key", + "multivalued": false, + "required": true, + "title": "HMAC Signing Key", + "type": "STRING", + }, + "validity": { + "defaultValue": 5, + "description": "", + "multivalued": false, + "required": true, + "title": "Validity (minutes)", + "type": "NUMBER", + }, + }, + "script": [ + "var aud = properties.audience;", + "var iss = properties.issuer;", + "var validity = properties.validity;", + "var esv = properties.signingkey;", + "", + "var signingkey = systemEnv.getProperty(esv);", + "", + "var username = nodeState.get("username");", + "", + "var data = {", + " jwtType:"SIGNED",", + " jwsAlgorithm: "HS256",", + " issuer: iss,", + " subject: username,", + " audience: aud,", + " type: "JWT",", + " validityMinutes: validity,", + " signingKey: signingkey", + "};", + "", + "var jwt = jwtAssertion.generateJwt(data);", + "", + "if (jwt !== null && jwt.length > 0) {", + " nodeState.putShared("assertionJwt" , jwt);", + " action.goTo("True");", + "} else {", + " action.goTo("False");", + "}", + "", + ], + "serviceName": "e5ad0110c8ee4dafaae983003cd05d4a", + "tags": [ + "Utilities", + "utilities", + ], + }, + "ef81b1a52c914710b3388caebfe7233a-1": { + "_id": "ef81b1a52c914710b3388caebfe7233a-1", + "description": "Displays custom callback to the page", + "displayName": "Display Callback", + "errorOutcome": false, + "inputs": [], + "outcomes": [ + "outcome", + ], + "outputs": [], + "properties": { + "callback": { + "description": "The callback to display", + "multivalued": false, + "options": { + "BOOLEAN_ATTRIBUTE_INPUT_CALLBACK": "booleanAttributeInputCallback", + "CHOICE_CALLBACK": "choiceCallback", + "CONFIRMATION_CALLBACK": "confirmationCallback", + "CONSENT_MAPPING_CALLBACK": "consentMappingCallback", + 
"DEVICE_PROFILE_CALLBACK": "deviceProfileCallback", + "HIDDEN_VALUE_CALLBACK": "hiddenValueCallback", + "HTTP_CALLBACK": "httpCallback", + "IDP_CALLBACK": "idPCallback", + "KBA_CREATE_CALLBACK": "kbaCreateCallback", + "LANGUAGE_CALLBACK": "languageCallback", + "METADATA_CALLBACK": "metadataCallback", + "NAME_CALLBACK": "nameCallback", + "NUMBER_ATTRIBUTE_INPUT_CALLBACK": "numberAttributeInputCallback", + "PASSWORD_CALLBACK": "passwordCallback", + "POLLING_WAIT_CALLBACK": "pollingWaitCallback", + "REDIRECT_CALLBACK": "redirectCallback", + "SCRIPT_TEXT_OUTPUT_CALLBACK": "scriptTextOutputCallback", + "SELECT_IDP_CALLBACK": "selectIdPCallback", + "STRING_ATTRIBUTE_INPUT_CALLBACK": "stringAttributeInputCallback", + "SUSPENDED_TEXT_OUTPUT_CALLBACK": "suspendedTextOutputCallback", + "TERMS_AND_CONDITIONS_CALLBACK": "termsAndConditionsCallback", + "TEXT_INPUT_CALLBACK": "textInputCallback", + "TEXT_OUTPUT_CALLBACK": "textOutputCallback", + "VALIDATED_PASSWORD_CALLBACK": "validatedPasswordCallback", + "VALIDATED_USERNAME_CALLBACK": "validatedUsernameCallback", + "X509_CERTIFICATE_CALLBACK": "x509CertificateCallback", + }, + "required": true, + "title": "Callback", + "type": "STRING", + }, + "objectSharedProperty": { + "description": "The objectAttributes property on the shared state to put the callback input into (if applicable)", + "multivalued": false, + "required": false, + "title": "Object Attributes Shared Property", + "type": "STRING", + }, + "objectTransientProperty": { + "description": "The objectAttributes property on the transient state to put the callback input into (if applicable)", + "multivalued": false, + "required": false, + "title": "Object Attributes Transient Property", + "type": "STRING", + }, + "options": { + "description": "The options containing the parameters for the callback (see documentation for possible parameters: https://docs.pingidentity.com/pingoneaic/latest/am-scripting/scripting-api-node.html#scripting-api-node-callbacks). 
+ +For example, for textOutputCallback, the options could be: { messageType: 0, message: "Hello World!" }. + +Note that for required parameters that are not specified in the options will use default values based on the type of the parameter ("" for Strings, [] for Arrays, {} for Objects, 0 for Ints, 0.0 for Doubles, and false for Booleans).", + "multivalued": false, + "required": true, + "title": "Options", + "type": "OBJECT", + }, + "sharedProperty": { + "description": "The shared state property to put the callback input into (if applicable)", + "multivalued": false, + "required": false, + "title": "Shared State Property", + "type": "STRING", + }, + "transientProperty": { + "description": "The transient state property to put the callback input into (if applicable)", + "multivalued": false, + "required": false, + "title": "Transient State Property", + "type": "STRING", + }, + }, + "script": [ + "var SCRIPT_OUTCOMES = {", + " OUTCOME: 'outcome'", + "};", + "", + "var CALLBACKS = {", + " BOOLEAN_ATTRIBUTE_INPUT_CALLBACK: "BOOLEAN_ATTRIBUTE_INPUT_CALLBACK",", + " CHOICE_CALLBACK: "CHOICE_CALLBACK",", + " CONFIRMATION_CALLBACK: "CONFIRMATION_CALLBACK",", + " CONSENT_MAPPING_CALLBACK: "CONSENT_MAPPING_CALLBACK",", + " DEVICE_PROFILE_CALLBACK: "DEVICE_PROFILE_CALLBACK",", + " HIDDEN_VALUE_CALLBACK: "HIDDEN_VALUE_CALLBACK",", + " HTTP_CALLBACK: "HTTP_CALLBACK",", + " IDP_CALLBACK: "IDP_CALLBACK",", + " KBA_CREATE_CALLBACK: "KBA_CREATE_CALLBACK",", + " LANGUAGE_CALLBACK: "LANGUAGE_CALLBACK",", + " METADATA_CALLBACK: "METADATA_CALLBACK",", + " NAME_CALLBACK: "NAME_CALLBACK",", + " NUMBER_ATTRIBUTE_INPUT_CALLBACK: "NUMBER_ATTRIBUTE_INPUT_CALLBACK",", + " PASSWORD_CALLBACK: "PASSWORD_CALLBACK",", + " POLLING_WAIT_CALLBACK: "POLLING_WAIT_CALLBACK",", + " REDIRECT_CALLBACK: "REDIRECT_CALLBACK",", + " SCRIPT_TEXT_OUTPUT_CALLBACK: "SCRIPT_TEXT_OUTPUT_CALLBACK",", + " SELECT_IDP_CALLBACK: "SELECT_IDP_CALLBACK",", + " STRING_ATTRIBUTE_INPUT_CALLBACK: 
"STRING_ATTRIBUTE_INPUT_CALLBACK",", + " SUSPENDED_TEXT_OUTPUT_CALLBACK: "SUSPENDED_TEXT_OUTPUT_CALLBACK",", + " TERMS_AND_CONDITIONS_CALLBACK: "TERMS_AND_CONDITIONS_CALLBACK",", + " TEXT_INPUT_CALLBACK: "TEXT_INPUT_CALLBACK",", + " TEXT_OUTPUT_CALLBACK: "TEXT_OUTPUT_CALLBACK",", + " VALIDATED_PASSWORD_CALLBACK: "VALIDATED_PASSWORD_CALLBACK",", + " VALIDATED_USERNAME_CALLBACK: "VALIDATED_USERNAME_CALLBACK",", + " X509_CERTIFICATE_CALLBACK: "X509_CERTIFICATE_CALLBACK"", + "}", + "", + "function isStringPresent(value) {", + " return value;", + "}", + "", + "function getString(value) {", + " return value || '';", + "}", + "", + "function isArrayPresent(value) {", + " return value;", + "}", + "", + "function getArray(value) {", + " return value ? JSON.parse(value) : [];", + "}", + "", + "function isObjectPresent(value) {", + " return value;", + "}", + "", + "function getObject(value) {", + " return value ? JSON.parse(value) : {};", + "}", + "", + "function isIntPresent(value) {", + " return value;", + "}", + "", + "function getInt(value) {", + " return value ? parseInt(value) : 0;", + "}", + "", + "function isDoublePresent(value) {", + " return value;", + "}", + "", + "function getDouble(value) {", + " return value ? parseFloat(value) : 0.0;", + "}", + "", + "function isBooleanPresent(value) {", + " return value;", + "}", + "", + "function getBoolean(value) {", + " return value ? 
value.toLowerCase() === 'true' : false;", + "}", + "", + "function setProperty(value) {", + " if (properties.sharedProperty) nodeState.putShared(properties.sharedProperty, value);", + " if (properties.transientProperty) nodeState.putTransient(properties.transientProperty, value);", + " if (properties.objectSharedProperty) {", + " var attributes = {};", + " attributes[properties.objectSharedProperty] = value;", + " nodeState.mergeShared({", + " objectAttributes: attributes", + " });", + " }", + " if (properties.objectTransientProperty) {", + " var attributes = {};", + " attributes[properties.objectTransientProperty] = value;", + " nodeState.mergeTransient({", + " objectAttributes: attributes", + " });", + " }", + "}", + "", + "function booleanAttributeInputCallback() {", + " var name = getString(properties.options.name);", + " var prompt = getString(properties.options.prompt);", + " var value = getBoolean(properties.options.value);", + " var required = getBoolean(properties.options.required);", + " var policies = getObject(properties.options.policies);", + " var validateOnly = getBoolean(properties.options.validateOnly);", + " var failedPolicies = getArray(properties.options.failedPolicies);", + " if (isBooleanPresent(properties.options.validateOnly) || isObjectPresent(properties.options.policies)) {", + " if (isArrayPresent(failedPolicies)) {", + " callbacksBuilder.booleanAttributeInputCallback(name, prompt, value, required, policies, validateOnly, failedPolicies);", + " } else {", + " callbacksBuilder.booleanAttributeInputCallback(name, prompt, value, required, policies, validateOnly);", + " }", + " } else if (isArrayPresent(failedPolicies)) {", + " callbacksBuilder.booleanAttributeInputCallback(name, prompt, value, required, failedPolicies);", + " } else {", + " callbacksBuilder.booleanAttributeInputCallback(name, prompt, value, required);", + " }", + "}", + "", + "function choiceCallback() {", + " var prompt = getString(properties.options.prompt);", + " var 
choices = getArray(properties.options.choices);", + " var defaultChoice = getInt(properties.options.defaultChoice);", + " var multipleSelectionsAllowed = getBoolean(properties.options.multipleSelectionsAllowed);", + " callbacksBuilder.choiceCallback(prompt, choices, defaultChoice, multipleSelectionsAllowed);", + "}", + "", + "function confirmationCallback() {", + " var prompt = getString(properties.options.prompt);", + " var messageType = getInt(properties.options.messageType);", + " var options = getArray(properties.options.options);", + " var optionType = getInt(properties.options.optionType);", + " var defaultOption = getInt(properties.options.defaultOption);", + " if (isStringPresent(properties.options.prompt)) {", + " if (isIntPresent(properties.options.optionType)) {", + " callbacksBuilder.confirmationCallback(prompt, messageType, optionType, defaultOption);", + " } else {", + " callbacksBuilder.confirmationCallback(prompt, messageType, options, defaultOption);", + " }", + " } else {", + " if (isIntPresent(properties.options.optionType)) {", + " callbacksBuilder.confirmationCallback(messageType, optionType, defaultOption);", + " } else {", + " callbacksBuilder.confirmationCallback(messageType, options, defaultOption);", + " }", + " }", + "}", + "", + "function consentMappingCallback() {", + " var config = getObject(properties.options.config);", + " var message = getString(properties.options.message);", + " var isRequired = getBoolean(properties.options.isRequired);", + " var name = getString(properties.options.name);", + " var displayName = getString(properties.options.displayName);", + " var icon = getString(properties.options.icon);", + " var accessLevel = getString(properties.options.accessLevel);", + " var titles = getArray(properties.options.titles);", + " if (isObjectPresent(properties.options.prompt)) {", + " callbacksBuilder.consentMappingCallback(config, message, isRequired);", + " } else {", + " callbacksBuilder.consentMappingCallback(name, 
displayName, icon, accessLevel, titles, message, isRequired);", + " }", + "}", + "", + "function deviceProfileCallback() {", + " var metadata = getBoolean(properties.options.metadata);", + " var location = getBoolean(properties.options.location);", + " var message = getString(properties.options.message);", + " callbacksBuilder.deviceProfileCallback(metadata, location, message);", + "}", + "", + "function hiddenValueCallback() {", + " var id = getString(properties.options.id);", + " var value = getString(properties.options.value);", + " callbacksBuilder.hiddenValueCallback(id, value);", + "}", + "", + "function httpCallback() {", + " var authorizationHeader = getString(properties.options.authorizationHeader);", + " var negotiationHeader = getString(properties.options.negotiationHeader);", + " var authRHeader = getString(properties.options.authRHeader);", + " var negoName = getString(properties.options.negoName);", + " var negoValue = getString(properties.options.negoValue);", + " if (isStringPresent(properties.options.authorizationHeader) || isStringPresent(properties.options.negotiationHeader)) {", + " var errorCode = getString(properties.options.errorCode);", + " callbacksBuilder.httpCallback(authorizationHeader, negotiationHeader, errorCode);", + " } else {", + " var errorCode = getInt(properties.options.errorCode);", + " callbacksBuilder.httpCallback(authRHeader, negoName, negoValue, errorCode);", + " }", + "}", + "", + "function idPCallback() {", + " var provider = getString(properties.options.provider);", + " var clientId = getString(properties.options.clientId);", + " var redirectUri = getString(properties.options.redirectUri);", + " var scope = getArray(properties.options.scope);", + " var nonce = getString(properties.options.nonce);", + " var request = getString(properties.options.request);", + " var requestUri = getString(properties.options.requestUri);", + " var acrValues = getArray(properties.options.acrValues);", + " var requestNativeAppForUserInfo = 
getBoolean(properties.options.requestNativeAppForUserInfo);", + " var token = getString(properties.options.token);", + " var tokenType = getString(properties.options.tokenType);", + " if (isStringPresent(properties.options.token) || isStringPresent(properties.options.tokenType)) {", + " callbacksBuilder.idPCallback(provider, clientId, redirectUri, scope, nonce, request, requestUri, acrValues, requestNativeAppForUserInfo, token, tokenType);", + " } else {", + " callbacksBuilder.idPCallback(provider, clientId, redirectUri, scope, nonce, request, requestUri, acrValues, requestNativeAppForUserInfo);", + " }", + "}", + "", + "function kbaCreateCallback() {", + " var prompt = getString(properties.options.prompt);", + " var predefinedQuestions = getArray(properties.options.predefinedQuestions);", + " var allowUserDefinedQuestions = getBoolean(properties.options.allowUserDefinedQuestions);", + " callbacksBuilder.kbaCreateCallback(prompt, predefinedQuestions, allowUserDefinedQuestions);", + "}", + "", + "function languageCallback() {", + " var language = getString(properties.options.language);", + " var country = getString(properties.options.country);", + " callbacksBuilder.languageCallback(language, country);", + "}", + "", + "function metadataCallback() {", + " var outputValue = getObject(properties.options.outputValue);", + " callbacksBuilder.metadataCallback(outputValue);", + "}", + "", + "function nameCallback() {", + " var prompt = getString(properties.options.prompt);", + " var defaultName = getString(properties.options.defaultName);", + " if (isStringPresent(properties.options.defaultName)) {", + " callbacksBuilder.nameCallback(prompt, defaultName);", + " } else {", + " callbacksBuilder.nameCallback(prompt);", + " }", + "}", + "", + "function numberAttributeInputCallback() {", + " var name = getString(properties.options.name);", + " var prompt = getString(properties.options.prompt);", + " var value = getDouble(properties.options.value);", + " var required = 
getBoolean(properties.options.required);", + " var policies = getObject(properties.options.policies);", + " var validateOnly = getBoolean(properties.options.validateOnly);", + " var failedPolicies = getArray(properties.options.failedPolicies);", + " if (isBooleanPresent(properties.options.validateOnly) || isObjectPresent(properties.options.policies)) {", + " if (isArrayPresent(failedPolicies)) {", + " callbacksBuilder.numberAttributeInputCallback(name, prompt, value, required, policies, validateOnly, failedPolicies);", + " } else {", + " callbacksBuilder.numberAttributeInputCallback(name, prompt, value, required, policies, validateOnly);", + " }", + " } else if (isArrayPresent(failedPolicies)) {", + " callbacksBuilder.numberAttributeInputCallback(name, prompt, value, required, failedPolicies);", + " } else {", + " callbacksBuilder.numberAttributeInputCallback(name, prompt, value, required);", + " }", + "}", + "", + "function passwordCallback() {", + " var prompt = getString(properties.options.prompt);", + " var echoOn = getBoolean(properties.options.echoOn);", + " callbacksBuilder.passwordCallback(prompt, echoOn);", + "}", + "", + "function pollingWaitCallback() {", + " var waitTime = getString(properties.options.waitTime);", + " var message = getString(properties.options.message);", + " callbacksBuilder.pollingWaitCallback(waitTime, message);", + "}", + "", + "function redirectCallback() {", + " throw new Error('Not Implemented');", + "}", + "", + "function scriptTextOutputCallback() {", + " var message = getString(properties.options.message);", + " callbacksBuilder.scriptTextOutputCallback(message);", + "}", + "", + "function selectIdPCallback() {", + " var providers = getObject(properties.options.providers);", + " callbacksBuilder.selectIdPCallback(providers);", + "}", + "", + "function stringAttributeInputCallback() {", + " var name = getString(properties.options.name);", + " var prompt = getString(properties.options.prompt);", + " var value = 
getString(properties.options.value);", + " var required = getBoolean(properties.options.required);", + " var policies = getObject(properties.options.policies);", + " var validateOnly = getBoolean(properties.options.validateOnly);", + " var failedPolicies = getArray(properties.options.failedPolicies);", + " if (isBooleanPresent(properties.options.validateOnly) || isObjectPresent(properties.options.policies)) {", + " if (isArrayPresent(failedPolicies)) {", + " callbacksBuilder.stringAttributeInputCallback(name, prompt, value, required, policies, validateOnly, failedPolicies);", + " } else {", + " callbacksBuilder.stringAttributeInputCallback(name, prompt, value, required, policies, validateOnly);", + " }", + " } else if (isArrayPresent(failedPolicies)) {", + " callbacksBuilder.stringAttributeInputCallback(name, prompt, value, required, failedPolicies);", + " } else {", + " callbacksBuilder.stringAttributeInputCallback(name, prompt, value, required);", + " }", + "}", + "", + "function suspendedTextOutputCallback() {", + " var messageType = getInt(properties.options.messageType);", + " var message = getString(properties.options.message);", + " callbacksBuilder.suspendedTextOutputCallback(messageType, message);", + "}", + "", + "function termsAndConditionsCallback() {", + " var version = getString(properties.options.version);", + " var terms = getString(properties.options.terms);", + " var createDate = getString(properties.options.createDate);", + " callbacksBuilder.termsAndConditionsCallback(version, terms, createDate);", + "}", + "", + "function textInputCallback() {", + " var prompt = getString(properties.options.prompt);", + " var defaultText = getString(properties.options.defaultText);", + " if (isStringPresent(properties.options.defaultText)) {", + " callbacksBuilder.textInputCallback(prompt, defaultText);", + " } else {", + " callbacksBuilder.textInputCallback(prompt);", + " }", + "}", + "", + "function textOutputCallback() {", + " var messageType = 
getString(properties.options.messageType);", + " var message = getString(properties.options.message);", + " callbacksBuilder.textOutputCallback(messageType, message);", + "}", + "", + "function validatedPasswordCallback() {", + " var prompt = getString(properties.options.prompt);", + " var echoOn = getBoolean(properties.options.echoOn);", + " var policies = getObject(properties.options.policies);", + " var validateOnly = getBoolean(properties.options.validateOnly);", + " var failedPolicies = getArray(properties.options.failedPolicies);", + " if (isArrayPresent(properties.options.failedPolicies)) {", + " callbacksBuilder.validatedPasswordCallback(prompt, echoOn, policies, validateOnly, failedPolicies);", + " } else {", + " callbacksBuilder.validatedPasswordCallback(prompt, echoOn, policies, validateOnly);", + " }", + "}", + "", + "function validatedUsernameCallback() {", + " var prompt = getString(properties.options.prompt);", + " var policies = getObject(properties.options.policies);", + " var validateOnly = getBoolean(properties.options.validateOnly);", + " var failedPolicies = getArray(properties.options.failedPolicies);", + " if (isArrayPresent(properties.options.failedPolicies)) {", + " callbacksBuilder.validatedUsernameCallback(prompt, policies, validateOnly, failedPolicies);", + " } else {", + " callbacksBuilder.validatedUsernameCallback(prompt, policies, validateOnly);", + " }", + "}", + "", + "function x509CertificateCallback() {", + " throw new Error('Not Implemented');", + "}", + "", + "function getBooleanAttributeInputCallback() {", + " setProperty(callbacks.getBooleanAttributeInputCallbacks().get(0));", + "}", + "", + "function getChoiceCallback() {", + " var multipleSelectionsAllowed = getBoolean(properties.options.multipleSelectionsAllowed);", + " var selections = callbacks.getChoiceCallbacks().get(0);", + " setProperty(multipleSelectionsAllowed ? 
selections : selections[0]);", + "}", + "", + "function getConfirmationCallback() {", + " setProperty(callbacks.getConfirmationCallbacks().get(0));", + "}", + "", + "function getConsentMappingCallback() {", + " setProperty(callbacks.getConsentMappingCallbacks().get(0));", + "}", + "", + "function getDeviceProfileCallback() {", + " setProperty(callbacks.getDeviceProfileCallbacks().get(0));", + "}", + "", + "function getHiddenValueCallback() {", + " var id = getString(properties.options.id);", + " setProperty(callbacks.getHiddenValueCallbacks().get(id));", + "}", + "", + "function getHttpCallback() {", + " setProperty(callbacks.getHttpCallbacks().get(0));", + "}", + "", + "function getIdPCallback() {", + " setProperty(callbacks.getIdpCallbacks().get(0));", + "}", + "", + "function getKbaCreateCallback() {", + " setProperty(callbacks.getKbaCreateCallbacks().get(0));", + "}", + "", + "function getLanguageCallback() {", + " setProperty(callbacks.getLanguageCallbacks().get(0));", + "}", + "", + "function getNameCallback() {", + " setProperty(callbacks.getNameCallbacks().get(0));", + "}", + "", + "function getNumberAttributeInputCallback() {", + " setProperty(callbacks.getNumberAttributeInputCallbacks().get(0));", + "}", + "", + "function getPasswordCallback() {", + " setProperty(callbacks.getPasswordCallbacks().get(0));", + "}", + "", + "function getSelectIdPCallback() {", + " setProperty(callbacks.getSelectIdPCallbacks().get(0));", + "}", + "", + "function getStringAttributeInputCallback() {", + " setProperty(callbacks.getStringAttributeInputCallbacks().get(0));", + "}", + "", + "function getTermsAndConditionsCallback() {", + " setProperty(callbacks.getTermsAndConditionsCallbacks().get(0));", + "}", + "", + "function getTextInputCallback() {", + " setProperty(callbacks.getTextInputCallbacks().get(0));", + "}", + "", + "function getValidatedPasswordCallback() {", + " setProperty(callbacks.getValidatedPasswordCallbacks().get(0));", + "}", + "", + "function 
getValidatedUsernameCallback() {", + " setProperty(callbacks.getValidatedUsernameCallbacks().get(0));", + "}", + "", + "function getX509CertificateCallback() {", + " setProperty(callbacks.getX509CertificateCallbacks().get(0));", + "}", + "", + "function main() {", + " if (!callbacks.isEmpty()) {", + " switch (properties.callback) {", + " case CALLBACKS.BOOLEAN_ATTRIBUTE_INPUT_CALLBACK: getBooleanAttributeInputCallback(); break;", + " case CALLBACKS.CHOICE_CALLBACK: getChoiceCallback(); break;", + " case CALLBACKS.CONFIRMATION_CALLBACK: getConfirmationCallback(); break;", + " case CALLBACKS.CONSENT_MAPPING_CALLBACK: getConsentMappingCallback(); break;", + " case CALLBACKS.DEVICE_PROFILE_CALLBACK: getDeviceProfileCallback(); break;", + " case CALLBACKS.HIDDEN_VALUE_CALLBACK: getHiddenValueCallback(); break;", + " case CALLBACKS.HTTP_CALLBACK: getHttpCallback(); break;", + " case CALLBACKS.IDP_CALLBACK: getIdPCallback(); break;", + " case CALLBACKS.KBA_CREATE_CALLBACK: getKbaCreateCallback(); break;", + " case CALLBACKS.LANGUAGE_CALLBACK: getLanguageCallback(); break;", + " case CALLBACKS.NAME_CALLBACK: getNameCallback(); break;", + " case CALLBACKS.NUMBER_ATTRIBUTE_INPUT_CALLBACK: getNumberAttributeInputCallback(); break;", + " case CALLBACKS.PASSWORD_CALLBACK: getPasswordCallback(); break;", + " case CALLBACKS.SELECT_IDP_CALLBACK: getSelectIdPCallback(); break;", + " case CALLBACKS.STRING_ATTRIBUTE_INPUT_CALLBACK: getStringAttributeInputCallback(); break;", + " case CALLBACKS.TERMS_AND_CONDITIONS_CALLBACK: getTermsAndConditionsCallback(); break;", + " case CALLBACKS.TEXT_INPUT_CALLBACK: getTextInputCallback(); break;", + " case CALLBACKS.VALIDATED_PASSWORD_CALLBACK: getValidatedPasswordCallback(); break;", + " case CALLBACKS.VALIDATED_USERNAME_CALLBACK: getValidatedUsernameCallback(); break;", + " case CALLBACKS.X509_CERTIFICATE_CALLBACK: getX509CertificateCallback(); break;", + " default: break;", + " }", + " action.goTo(SCRIPT_OUTCOMES.OUTCOME);", + " return;", + 
" }", + "", + " switch (properties.callback) {", + " case CALLBACKS.BOOLEAN_ATTRIBUTE_INPUT_CALLBACK: booleanAttributeInputCallback(); break;", + " case CALLBACKS.CHOICE_CALLBACK: choiceCallback(); break;", + " case CALLBACKS.CONFIRMATION_CALLBACK: confirmationCallback(); break;", + " case CALLBACKS.CONSENT_MAPPING_CALLBACK: consentMappingCallback(); break;", + " case CALLBACKS.DEVICE_PROFILE_CALLBACK: deviceProfileCallback(); break;", + " case CALLBACKS.HIDDEN_VALUE_CALLBACK: hiddenValueCallback(); break;", + " case CALLBACKS.HTTP_CALLBACK: httpCallback(); break;", + " case CALLBACKS.IDP_CALLBACK: idPCallback(); break;", + " case CALLBACKS.KBA_CREATE_CALLBACK: kbaCreateCallback(); break;", + " case CALLBACKS.LANGUAGE_CALLBACK: languageCallback(); break;", + " case CALLBACKS.METADATA_CALLBACK: metadataCallback(); break;", + " case CALLBACKS.NAME_CALLBACK: nameCallback(); break;", + " case CALLBACKS.NUMBER_ATTRIBUTE_INPUT_CALLBACK: numberAttributeInputCallback(); break;", + " case CALLBACKS.PASSWORD_CALLBACK: passwordCallback(); break;", + " case CALLBACKS.POLLING_WAIT_CALLBACK: pollingWaitCallback(); break;", + " case CALLBACKS.REDIRECT_CALLBACK: redirectCallback(); break;", + " case CALLBACKS.SCRIPT_TEXT_OUTPUT_CALLBACK: scriptTextOutputCallback(); break;", + " case CALLBACKS.SELECT_IDP_CALLBACK: selectIdPCallback(); break;", + " case CALLBACKS.STRING_ATTRIBUTE_INPUT_CALLBACK: stringAttributeInputCallback(); break;", + " case CALLBACKS.SUSPENDED_TEXT_OUTPUT_CALLBACK: suspendedTextOutputCallback(); break;", + " case CALLBACKS.TERMS_AND_CONDITIONS_CALLBACK: termsAndConditionsCallback(); break;", + " case CALLBACKS.TEXT_INPUT_CALLBACK: textInputCallback(); break;", + " case CALLBACKS.TEXT_OUTPUT_CALLBACK: textOutputCallback(); break;", + " case CALLBACKS.VALIDATED_PASSWORD_CALLBACK: validatedPasswordCallback(); break;", + " case CALLBACKS.VALIDATED_USERNAME_CALLBACK: validatedUsernameCallback(); break;", + " case CALLBACKS.X509_CERTIFICATE_CALLBACK: 
x509CertificateCallback(); break;", + " default: throw new Error('Unknown Callback'); // Should never reach this case", + " }", + "}", + "", + "main();", + "", + ], + "serviceName": "ef81b1a52c914710b3388caebfe7233a", + "tags": [ + "callback", + "utilities", + ], + }, + "session-1": { + "_id": "session-1", + "description": "Checks if the user has a current session.", + "displayName": "Has Session AM", + "errorOutcome": false, + "inputs": [], + "outcomes": [ + "True", + "False", + ], + "outputs": [], + "properties": {}, + "script": [ + "var SCRIPT_OUTCOMES = {", + " TRUE: 'True',", + " FALSE: 'False'", + "}", + "", + "function main() {", + " action.goTo(typeof existingSession === "undefined" ? SCRIPT_OUTCOMES.FALSE : SCRIPT_OUTCOMES.TRUE);", + "}", + "", + "main();", + "", + ], + "serviceName": "session", + "tags": [ + "utilities", + ], + }, + }, + "realm": { + "L2ZpcnN0": { + "_id": "L2ZpcnN0", + "active": true, + "aliases": [ + "one", + "dnsfirst", + ], + "name": "first", + "parentPath": "/", + }, + "L2ZpcnN0L3NlY29uZA": { + "_id": "L2ZpcnN0L3NlY29uZA", + "active": false, + "aliases": [ + "secondDNS", + "second", + ], + "name": "second", + "parentPath": "/first", + }, + "Lw": { + "_id": "Lw", + "active": true, + "aliases": [ + "localhost", + "openam-frodo-dev.classic.com", + "openam", + "testurl.com", + ], + "name": "/", + "parentPath": "", + }, + }, + "scripttype": { + "AUTHENTICATION_CLIENT_SIDE": { + "_id": "AUTHENTICATION_CLIENT_SIDE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "AUTHENTICATION_CLIENT_SIDE", + "allowLists": {}, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "[Empty]", + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "AUTHENTICATION_SERVER_SIDE": { + "_id": "AUTHENTICATION_SERVER_SIDE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": 
"AUTHENTICATION_SERVER_SIDE", + "allowLists": { + "1.0": [ + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.HashMap$KeyIterator", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.crypto.CertificateService", + 
"org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.HashMap$KeyIterator", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.authentication.modules.scripted.*", + 
"org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "7e3d7067-d50f-4674-8c76-a3e13a810c33", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + 
"java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.HashMap$KeyIterator", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + 
"org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "AUTHENTICATION_TREE_DECISION_NODE": { + "_id": "AUTHENTICATION_TREE_DECISION_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "AUTHENTICATION_TREE_DECISION_NODE", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + 
"javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + 
"org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.concurrent.TimeUnit", + "java.util.Collections$*", + "java.util.HashSet", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeSet", + 
"java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "ch.qos.logback.classic.Logger", + "org.forgerock.util.promise.Promises$*", + "com.sun.proxy.$*", + "java.util.Date", + "java.security.spec.InvalidKeySpecException", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + "2.0", + ], + }, + }, + "defaultScript": "01e1a3c0-038b-4c16-956a-6c9d89328cff", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + 
"java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + 
"com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + 
"org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "CONFIG_PROVIDER_NODE": { + "_id": "CONFIG_PROVIDER_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "CONFIG_PROVIDER_NODE", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + 
"java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + 
"org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + 
"org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + 
"com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + 
"org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "5e854779-6ec1-4c39-aeba-0477e0986646", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + 
"java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + 
"com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + 
"org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "LIBRARY": { + "_id": "LIBRARY", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "LIBRARY", + "allowLists": { + "1.0": [ + "java.lang.Float", + "org.forgerock.http.protocol.Header", + "java.lang.Integer", + "org.forgerock.http.Client", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Long", + "java.lang.Short", + "java.util.Map", + "org.forgerock.http.client.*", + "java.lang.Math", + "org.forgerock.opendj.ldap.Dn", + "java.lang.Byte", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "java.lang.StrictMath", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.http.Context", + "java.lang.Void", + "org.codehaus.groovy.runtime.GStringImpl", + "groovy.json.JsonSlurper", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.context.RootContext", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "java.util.List", + 
"org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Responses", + "org.forgerock.util.promise.Promise", + "java.util.HashMap$KeyIterator", + "com.sun.identity.shared.debug.Debug", + "java.lang.Double", + "org.forgerock.http.protocol.Headers", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.http.protocol.Status", + "java.util.HashMap", + "java.lang.Character$Subset", + "java.util.TreeSet", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.LinkedHashMap", + "org.forgerock.http.protocol.ResponseException", + "java.util.Collections$UnmodifiableRandomAccessList", + "org.forgerock.http.protocol.Message", + "java.lang.Boolean", + "java.lang.String", + "java.lang.Number", + "java.util.LinkedList", + "java.util.LinkedHashSet", + "org.forgerock.http.protocol.Response", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.TreeMap", + "java.util.Collections$EmptyList", + "org.forgerock.openam.scripting.api.ScriptedSession", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.http.Handler", + "java.lang.Object", + "org.forgerock.http.protocol.Form", + "jdk.proxy*", + ], + "2.0": [ + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "JAVASCRIPT": [ + "2.0", + ], + }, + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.lang.Class", + "java.security.AccessController", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Float", + 
"org.forgerock.http.protocol.Header", + "java.lang.Integer", + "org.forgerock.http.Client", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Long", + "java.lang.Short", + "java.util.Map", + "org.forgerock.http.client.*", + "java.lang.Math", + "org.forgerock.opendj.ldap.Dn", + "java.lang.Byte", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "java.lang.StrictMath", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.http.Context", + "java.lang.Void", + "org.codehaus.groovy.runtime.GStringImpl", + "groovy.json.JsonSlurper", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.context.RootContext", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "java.util.List", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Responses", + "org.forgerock.util.promise.Promise", + "java.util.HashMap$KeyIterator", + "com.sun.identity.shared.debug.Debug", + "java.lang.Double", + "org.forgerock.http.protocol.Headers", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.http.protocol.Status", + "java.util.HashMap", + "java.lang.Character$Subset", + "java.util.TreeSet", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.LinkedHashMap", + "org.forgerock.http.protocol.ResponseException", + "java.util.Collections$UnmodifiableRandomAccessList", + "org.forgerock.http.protocol.Message", + "java.lang.Boolean", + "java.lang.String", + "java.lang.Number", + "java.util.LinkedList", + "java.util.LinkedHashSet", + "org.forgerock.http.protocol.Response", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.TreeMap", + "java.util.Collections$EmptyList", + "org.forgerock.openam.scripting.api.ScriptedSession", + 
"java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.http.Handler", + "java.lang.Object", + "org.forgerock.http.protocol.Form", + ], + }, + "languages": [ + "JAVASCRIPT", + ], + }, + "OAUTH2_ACCESS_TOKEN_MODIFICATION": { + "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + 
"java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + 
"java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + 
"org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + 
"java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + 
"org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER": { + "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + 
"java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + 
"java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + 
"org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + 
"java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "OAUTH2_EVALUATE_SCOPE": { + "_id": "OAUTH2_EVALUATE_SCOPE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_EVALUATE_SCOPE", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + 
"com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + 
"org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + 
"java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + 
"org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + 
"java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + 
"sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "OAUTH2_MAY_ACT": { + "_id": "OAUTH2_MAY_ACT", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_MAY_ACT", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + 
"org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + 
"java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + 
"org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", 
+ "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + 
"org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "OAUTH2_SCRIPTED_JWT_ISSUER": { + "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", 
+ "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + 
"com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + 
"org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "400e48ba-3f13-4144-ac7b-f824ea8e98c5", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + 
"java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "OAUTH2_VALIDATE_SCOPE": { + "_id": "OAUTH2_VALIDATE_SCOPE", + "_type": { + "_id": "contexts", + "collection": true, + "name": 
"scriptContext", + }, + "context": { + "_id": "OAUTH2_VALIDATE_SCOPE", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.InvalidScopeException", + 
"org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + 
"java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.InvalidScopeException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", 
+ "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.InvalidScopeException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + 
"org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "OIDC_CLAIMS": { + "_id": "OIDC_CLAIMS", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OIDC_CLAIMS", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", 
+ "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", 
+ "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + 
"org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + 
"java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + 
"org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "POLICY_CONDITION": { + "_id": "POLICY_CONDITION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "POLICY_CONDITION", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "java.util.Collections$EmptyList", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + 
"org.forgerock.http.protocol.Status", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "9de3eb62-f131-4fac-a294-7bd170fd4acb", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + 
"java.util.TreeMap", + "java.util.TreeSet", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "java.util.Collections$EmptyList", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "SAML2_IDP_ADAPTER": { + "_id": "SAML2_IDP_ADAPTER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "SAML2_IDP_ADAPTER", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + 
"java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + 
"java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.sun.identity.common.CaseInsensitiveHashMap", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "org.forgerock.util.promise.PromiseImpl", + "javax.servlet.http.Cookie", + "org.xml.sax.InputSource", + "java.security.cert.CertificateFactory", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + 
"org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "248b8a56-df81-4b1b-b4ba-45d994f6504c", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + 
"java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "SAML2_IDP_ATTRIBUTE_MAPPER": { + "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + 
"java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "javax.servlet.http.Cookie", + "javax.xml.parsers.DocumentBuilder", + "javax.xml.parsers.DocumentBuilderFactory", + 
"org.forgerock.openam.shared.security.crypto.CertificateService", + "org.w3c.dom.Document", + "org.w3c.dom.Element", + "org.xml.sax.InputSource", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.sun.identity.common.CaseInsensitiveHashMap", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "org.forgerock.util.promise.PromiseImpl", + "javax.servlet.http.Cookie", + "org.xml.sax.InputSource", + "java.security.cert.CertificateFactory", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + 
"defaultScript": "c4f22465-2368-4e27-8013-e6399974fd48", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + 
"org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "javax.servlet.http.Cookie", + "javax.xml.parsers.DocumentBuilder", + "javax.xml.parsers.DocumentBuilderFactory", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.w3c.dom.Document", + "org.w3c.dom.Element", + "org.xml.sax.InputSource", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "SAML2_SP_ADAPTER": { + "_id": "SAML2_SP_ADAPTER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "SAML2_SP_ADAPTER", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + 
"java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + 
"java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.sun.identity.common.CaseInsensitiveHashMap", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "org.forgerock.util.promise.PromiseImpl", + "javax.servlet.http.Cookie", + "org.xml.sax.InputSource", + "java.security.cert.CertificateFactory", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "69f06e63-128c-4e2f-af52-079a8a6f448b", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + 
"java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + 
"org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + "SOCIAL_IDP_PROFILE_TRANSFORMATION": { + "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "allowLists": { + "1.0": [ + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$Node", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap$Entry", + 
"java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Response", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.oauth.clients.oidc.Claim", + "java.util.Locale", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + 
"java.util.Collections$SingletonList", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$Node", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Response", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.oauth.clients.oidc.Claim", + "java.util.Locale", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "1d475815-72cb-42eb-aafd-4026989d28a7", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + 
"idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$Node", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Response", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + 
"java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.oauth.clients.oidc.Claim", + "java.util.Locale", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, + "secrets": { + "GlobalSecrets": { + "_id": "GlobalSecrets", + "_type": { + "_id": "GlobalSecrets", + "collection": false, + "name": "Global Secrets Settings", + }, + "storeTypes": [ + "EnvironmentAndSystemPropertySecretStore", + "KeyStoreSecretStore", + "GoogleSecretManagerSecretStoreProvider", + "GoogleKeyManagementServiceSecretStore", + "HsmSecretStore", + "FileSystemSecretStore", + ], + }, + }, + "secretstore": { + "EnvironmentAndSystemPropertySecretStore": { + "_id": "EnvironmentAndSystemPropertySecretStore", + "_type": { + "_id": "EnvironmentAndSystemPropertySecretStore", + "collection": false, + "name": "Environment and System Property Secrets Store", + }, + "format": "BASE64", + }, + "default-keystore": { + "_id": "default-keystore", + "_type": { + "_id": "KeyStoreSecretStore", + "collection": true, + "name": "Keystore", + }, + "file": "/root/am/security/keystores/keystore.jceks", + "keyEntryPassword": "entrypass", + "leaseExpiryDuration": 5, + "mappings": [ + { + "_id": "am.applications.agents.remote.consent.request.signing.ES256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es256test", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.ES256", + }, + { + "_id": "am.applications.agents.remote.consent.request.signing.ES384", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es384test", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.ES384", + }, + { + "_id": 
"am.applications.agents.remote.consent.request.signing.ES512", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es512test", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.ES512", + }, + { + "_id": "am.applications.agents.remote.consent.request.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.RSA", + }, + { + "_id": "am.authentication.nodes.persistentcookie.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.authentication.nodes.persistentcookie.encryption", + }, + { + "_id": "am.authn.authid.signing.HMAC", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.authn.authid.signing.HMAC", + }, + { + "_id": "am.authn.trees.transientstate.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.authn.trees.transientstate.encryption", + }, + { + "_id": "am.default.applications.federation.entity.providers.saml2.idp.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.idp.encryption", + }, + { + "_id": "am.default.applications.federation.entity.providers.saml2.idp.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.idp.signing", + }, + { + "_id": "am.default.applications.federation.entity.providers.saml2.sp.encryption", + "_type": { + "_id": "mappings", + "collection": 
true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.sp.encryption", + }, + { + "_id": "am.default.applications.federation.entity.providers.saml2.sp.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.sp.signing", + }, + { + "_id": "am.default.authentication.modules.persistentcookie.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.default.authentication.modules.persistentcookie.encryption", + }, + { + "_id": "am.default.authentication.modules.persistentcookie.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.default.authentication.modules.persistentcookie.signing", + }, + { + "_id": "am.default.authentication.nodes.persistentcookie.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.default.authentication.nodes.persistentcookie.signing", + }, + { + "_id": "am.global.services.oauth2.oidc.agent.idtoken.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.global.services.oauth2.oidc.agent.idtoken.signing", + }, + { + "_id": "am.global.services.saml2.client.storage.jwt.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.global.services.saml2.client.storage.jwt.encryption", + }, + { + "_id": "am.global.services.session.clientbased.encryption.AES", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + 
"aestest", + ], + "secretId": "am.global.services.session.clientbased.encryption.AES", + }, + { + "_id": "am.global.services.session.clientbased.signing.HMAC", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.global.services.session.clientbased.signing.HMAC", + }, + { + "_id": "am.services.iot.jwt.issuer.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.services.iot.jwt.issuer.signing", + }, + { + "_id": "am.services.oauth2.jwt.authenticity.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.services.oauth2.jwt.authenticity.signing", + }, + { + "_id": "am.services.oauth2.oidc.decryption.RSA.OAEP", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.decryption.RSA.OAEP", + }, + { + "_id": "am.services.oauth2.oidc.decryption.RSA.OAEP.256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.decryption.RSA.OAEP.256", + }, + { + "_id": "am.services.oauth2.oidc.decryption.RSA1.5", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.decryption.RSA1.5", + }, + { + "_id": "am.services.oauth2.oidc.rp.idtoken.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.rp.idtoken.encryption", + }, + { + "_id": "am.services.oauth2.oidc.rp.jwt.authenticity.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + 
"secretId": "am.services.oauth2.oidc.rp.jwt.authenticity.signing", + }, + { + "_id": "am.services.oauth2.oidc.signing.ES256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es256test", + ], + "secretId": "am.services.oauth2.oidc.signing.ES256", + }, + { + "_id": "am.services.oauth2.oidc.signing.ES384", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es384test", + ], + "secretId": "am.services.oauth2.oidc.signing.ES384", + }, + { + "_id": "am.services.oauth2.oidc.signing.ES512", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es512test", + ], + "secretId": "am.services.oauth2.oidc.signing.ES512", + }, + { + "_id": "am.services.oauth2.oidc.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.oidc.signing.RSA", + }, + { + "_id": "am.services.oauth2.remote.consent.request.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "selfserviceenctest", + ], + "secretId": "am.services.oauth2.remote.consent.request.encryption", + }, + { + "_id": "am.services.oauth2.remote.consent.response.decryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.remote.consent.response.decryption", + }, + { + "_id": "am.services.oauth2.remote.consent.response.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.remote.consent.response.signing.RSA", + }, + { + "_id": "am.services.oauth2.stateless.signing.ES256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es256test", + ], + "secretId": 
"am.services.oauth2.stateless.signing.ES256", + }, + { + "_id": "am.services.oauth2.stateless.signing.ES384", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es384test", + ], + "secretId": "am.services.oauth2.stateless.signing.ES384", + }, + { + "_id": "am.services.oauth2.stateless.signing.ES512", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es512test", + ], + "secretId": "am.services.oauth2.stateless.signing.ES512", + }, + { + "_id": "am.services.oauth2.stateless.signing.HMAC", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.services.oauth2.stateless.signing.HMAC", + }, + { + "_id": "am.services.oauth2.stateless.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.stateless.signing.RSA", + }, + { + "_id": "am.services.oauth2.stateless.token.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.services.oauth2.stateless.token.encryption", + }, + { + "_id": "am.services.saml2.metadata.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.saml2.metadata.signing.RSA", + }, + { + "_id": "am.services.uma.pct.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.services.uma.pct.encryption", + }, + ], + "providerName": "SunJCE", + "storePassword": "storepass", + "storetype": "JCEKS", + }, + "default-passwords-store": { + "_id": "default-passwords-store", + "_type": { + "_id": "FileSystemSecretStore", + "collection": true, + "name": "File System 
Secret Volumes", + }, + "directory": "/root/am/security/secrets/encrypted", + "format": "ENCRYPTED_PLAIN", + }, + }, + "server": { + "defaultProperties": { + "advanced": { + "_id": "null/properties/advanced", + "com.iplanet.am.buildDate": "2024-March-28 16:00", + "com.iplanet.am.buildRevision": "89116d59a1ebe73ed1931dd3649adb7f217cd06b", + "com.iplanet.am.buildVersion": "ForgeRock Access Management 7.5.0", + "com.iplanet.am.cookie.c66Encode": true, + "com.iplanet.am.daemons": "securid", + "com.iplanet.am.directory.ssl.enabled": false, + "com.iplanet.am.installdir": "%BASE_DIR%", + "com.iplanet.am.jssproxy.SSLTrustHostList": "", + "com.iplanet.am.jssproxy.checkSubjectAltName": false, + "com.iplanet.am.jssproxy.resolveIPAddress": false, + "com.iplanet.am.jssproxy.trustAllServerCerts": false, + "com.iplanet.am.lbcookie.name": "amlbcookie", + "com.iplanet.am.lbcookie.value": "00", + "com.iplanet.am.logstatus": "ACTIVE", + "com.iplanet.am.pcookie.name": "DProPCookie", + "com.iplanet.am.profile.host": "%SERVER_HOST%", + "com.iplanet.am.profile.port": "%SERVER_PORT%", + "com.iplanet.am.serverMode": true, + "com.iplanet.am.session.agentSessionIdleTime": "1440", + "com.iplanet.am.session.client.polling.enable": false, + "com.iplanet.am.session.client.polling.period": "180", + "com.iplanet.am.session.httpSession.enabled": "true", + "com.iplanet.am.version": "ForgeRock Access Management 7.5.0 Build 89116d59a1ebe73ed1931dd3649adb7f217cd06b (2024-March-28 16:00)", + "com.iplanet.security.SSLSocketFactoryImpl": "com.sun.identity.shared.ldap.factory.JSSESocketFactory", + "com.sun.am.event.notification.expire.time": "5", + "com.sun.embedded.sync.servers": "on", + "com.sun.identity.am.cookie.check": false, + "com.sun.identity.auth.cookieName": "AMAuthCookie", + "com.sun.identity.authentication.multiple.tabs.used": false, + "com.sun.identity.authentication.setCookieToAllDomains": true, + "com.sun.identity.authentication.special.users": "cn=dsameuser,ou=DSAME 
Users,%ROOT_SUFFIX%|cn=amService-UrlAccessAgent,ou=DSAME Users,%ROOT_SUFFIX%", + "com.sun.identity.authentication.super.user": "uid=amAdmin,ou=People,%ROOT_SUFFIX%", + "com.sun.identity.authentication.uniqueCookieName": "sunIdentityServerAuthNServer", + "com.sun.identity.cookie.httponly": true, + "com.sun.identity.cookie.samesite": "off", + "com.sun.identity.enableUniqueSSOTokenCookie": false, + "com.sun.identity.jss.donotInstallAtHighestPriority": true, + "com.sun.identity.monitoring": "off", + "com.sun.identity.monitoring.local.conn.server.url": "service:jmx:rmi://", + "com.sun.identity.password.deploymentDescriptor": "%SERVER_URI%", + "com.sun.identity.plugin.configuration.class": "@CONFIGURATION_PROVIDER_CLASS@", + "com.sun.identity.plugin.datastore.class.default": "@DATASTORE_PROVIDER_CLASS@", + "com.sun.identity.plugin.log.class": "@LOG_PROVIDER_CLASS@", + "com.sun.identity.plugin.monitoring.agent.class": "@MONAGENT_PROVIDER_CLASS@", + "com.sun.identity.plugin.monitoring.saml2.class": "@MONSAML2_PROVIDER_CLASS@", + "com.sun.identity.plugin.session.class": "@SESSION_PROVIDER_CLASS@", + "com.sun.identity.policy.Policy.policy_evaluation_weights": "10:10:10", + "com.sun.identity.policy.resultsCacheMaxSize": "10000", + "com.sun.identity.policy.resultsCacheResourceCap": "20", + "com.sun.identity.saml.xmlsig.keyprovider.class": "@XMLSIG_KEY_PROVIDER@", + "com.sun.identity.saml.xmlsig.passwordDecoder": "@PASSWORD_DECODER_CLASS@", + "com.sun.identity.saml.xmlsig.signatureprovider.class": "@XML_SIGNATURE_PROVIDER@", + "com.sun.identity.security.checkcaller": false, + "com.sun.identity.server.fqdnMap[dnsfirst]": "dnsfirst", + "com.sun.identity.server.fqdnMap[hello]": "hello", + "com.sun.identity.server.fqdnMap[localhost]": "localhost", + "com.sun.identity.server.fqdnMap[openam-frodo-dev.classic.com]": "openam-frodo-dev.classic.com", + "com.sun.identity.server.fqdnMap[openam]": "openam", + "com.sun.identity.server.fqdnMap[secondDNS]": "secondDNS", + 
"com.sun.identity.session.repository.enableAttributeCompression": false, + "com.sun.identity.session.repository.enableCompression": false, + "com.sun.identity.session.repository.enableEncryption": false, + "com.sun.identity.sm.cache.ttl": "30", + "com.sun.identity.sm.cache.ttl.enable": false, + "com.sun.identity.url.readTimeout": "30000", + "com.sun.identity.webcontainer": "WEB_CONTAINER", + "dynamic.datastore.creation.enabled": false, + "openam.auth.destroy_session_after_upgrade": true, + "openam.auth.distAuthCookieName": "AMDistAuthCookie", + "openam.auth.session_property_upgrader": "org.forgerock.openam.authentication.service.DefaultSessionPropertyUpgrader", + "openam.auth.version.header.enabled": false, + "openam.authentication.ignore_goto_during_logout": false, + "openam.cdm.default.charset": "UTF-8", + "openam.forbidden.to.copy.headers": "connection", + "openam.forbidden.to.copy.request.headers": "connection", + "openam.oauth2.client.jwt.encryption.algorithm.allow.list": "RSA-OAEP,RSA-OAEP-256,ECDH-ES", + "openam.oauth2.client.jwt.unreasonable.lifetime.limit.minutes": "30", + "openam.retained.http.headers": "X-DSAMEVersion", + "openam.retained.http.request.headers": "X-DSAMEVersion", + "openam.serviceattributevalidator.classes.whitelist": 
"org.forgerock.openam.auth.nodes.validators.GreaterThanZeroValidator,org.forgerock.openam.auth.nodes.validators.HMACKeyLengthValidator,org.forgerock.openam.auth.nodes.validators.HmacSigningKeyValidator,org.forgerock.openam.auth.nodes.validators.PercentageValidator,org.forgerock.openam.auth.nodes.validators.QueryFilterValidator,org.forgerock.openam.auth.nodes.validators.SessionPropertyNameValidator,org.forgerock.openam.auth.nodes.validators.SessionPropertyValidator,org.forgerock.openam.auth.nodes.framework.validators.NodeValueValidator,org.forgerock.openam.audit.validation.PositiveIntegerValidator,org.forgerock.openam.authentication.modules.fr.oath.validators.AlphaNumericValidator,org.forgerock.openam.authentication.modules.fr.oath.validators.CodeLengthValidator,org.forgerock.openam.authentication.modules.persistentcookie.validation.SigningKeyValidator,com.sun.identity.common.configuration.DuplicateKeyMapValueValidator,com.sun.identity.common.configuration.AgentClientIpModeValueValidator,com.sun.identity.common.configuration.FilterModeValueValidator,com.sun.identity.common.configuration.GlobalMapValueValidator,com.sun.identity.common.configuration.ListValueValidator,com.sun.identity.common.configuration.MapValueValidator,com.sun.identity.common.configuration.ServerPropertyValidator,com.sun.identity.policy.ResourceComparatorValidator,com.sun.identity.sm.EmailValidator,com.sun.identity.sm.IPAddressValidator,com.sun.identity.sm.RequiredValueValidator,com.sun.identity.sm.ServerIDValidator,com.sun.identity.sm.SiteIDValidator,org.forgerock.openam.sm.validation.Base64EncodedBinaryValidator,org.forgerock.openam.sm.validation.BlankValueValidator,org.forgerock.openam.sm.validation.DurationValidator,org.forgerock.openam.sm.validation.EndpointValidator,org.forgerock.openam.sm.validation.HostnameValidator,org.forgerock.openam.sm.validation.PortValidator,org.forgerock.openam.sm.validation.SecretIdValidator,org.forgerock.openam.sm.validation.StatelessSessionSigningAlgorithmValidato
r,org.forgerock.openam.sm.validation.StringMapValidator,org.forgerock.openam.sm.validation.URLValidator,org.forgerock.openam.selfservice.config.KeyAliasValidator,org.forgerock.openam.sm.validation.UniqueIndexedValuesValidator,org.forgerock.openam.webhook.HttpHeaderValidator,org.forgerock.oauth2.core.ClientRedirectUriValidator", + "openam.session.case.sensitive.uuid": false, + "org.forgerock.allow.http.client.debug": false, + "org.forgerock.am.auth.chains.authindexuser.strict": true, + "org.forgerock.am.auth.node.otp.inSharedState": false, + "org.forgerock.am.auth.trees.authenticate.identified.identity": true, + "org.forgerock.openam.audit.additionalSuccessStatusCodesEnabled": true, + "org.forgerock.openam.audit.identity.activity.events.blacklist": "AM-ACCESS-ATTEMPT,AM-IDENTITY-CHANGE,AM-GROUP-CHANGE", + "org.forgerock.openam.auth.transactionauth.returnErrorOnAuthFailure": false, + "org.forgerock.openam.authLevel.excludeRequiredOrRequisite": false, + "org.forgerock.openam.authentication.forceAuth.enabled": false, + "org.forgerock.openam.console.autocomplete.enabled": true, + "org.forgerock.openam.core.resource.lookup.cache.enabled": true, + "org.forgerock.openam.core.sms.placeholder_api_enabled": "OFF", + "org.forgerock.openam.devices.recovery.use_insecure_storage": false, + "org.forgerock.openam.encryption.key.digest": "SHA1", + "org.forgerock.openam.encryption.key.iterations": "10000", + "org.forgerock.openam.encryption.key.size": "128", + "org.forgerock.openam.httpclienthandler.system.clients.connection.timeout": "10 seconds", + "org.forgerock.openam.httpclienthandler.system.clients.max.connections": "64", + "org.forgerock.openam.httpclienthandler.system.clients.pool.ttl": "-1", + "org.forgerock.openam.httpclienthandler.system.clients.response.timeout": "10 seconds", + "org.forgerock.openam.httpclienthandler.system.clients.retry.failed.requests.enabled": true, + "org.forgerock.openam.httpclienthandler.system.clients.reuse.connections.enabled": true, + 
"org.forgerock.openam.httpclienthandler.system.nonProxyHosts": "localhost,127.*,[::1],0.0.0.0,[::0]", + "org.forgerock.openam.httpclienthandler.system.proxy.enabled": false, + "org.forgerock.openam.httpclienthandler.system.proxy.password": null, + "org.forgerock.openam.httpclienthandler.system.proxy.uri": "", + "org.forgerock.openam.httpclienthandler.system.proxy.username": "", + "org.forgerock.openam.idm.attribute.names.lower.case": false, + "org.forgerock.openam.idrepo.ldapv3.passwordpolicy.allowDiagnosticMessage": false, + "org.forgerock.openam.idrepo.ldapv3.proxyauth.passwordreset.adminRequest": "isAdminPasswordChangeRequest", + "org.forgerock.openam.introspect.token.query.param.allowed": false, + "org.forgerock.openam.ldap.dncache.expire.time": "0", + "org.forgerock.openam.ldap.heartbeat.timeout": "10", + "org.forgerock.openam.ldap.keepalive.search.base": "", + "org.forgerock.openam.ldap.keepalive.search.filter": "(objectClass=*)", + "org.forgerock.openam.ldap.secure.protocol.version": "TLSv1.3,TLSv1.2", + "org.forgerock.openam.notifications.agents.enabled": true, + "org.forgerock.openam.oauth2.checkIssuerForIdTokenInfo": true, + "org.forgerock.openam.radius.server.context.cache.size": "5000", + "org.forgerock.openam.redirecturlvalidator.maxUrlLength": "2000", + "org.forgerock.openam.request.max.bytes.entity.size": "1048576", + "org.forgerock.openam.saml2.authenticatorlookup.skewAllowance": "60", + "org.forgerock.openam.scripting.maxinterpreterstackdepth": "10000", + "org.forgerock.openam.secrets.special.user.passwords.format": "ENCRYPTED_PLAIN", + "org.forgerock.openam.secrets.special.user.secret.refresh.seconds": "900", + "org.forgerock.openam.session.service.persistence.deleteAsynchronously": true, + "org.forgerock.openam.session.stateless.encryption.method": "A128CBC-HS256", + "org.forgerock.openam.session.stateless.rsa.padding": "RSA-OAEP-256", + "org.forgerock.openam.session.stateless.signing.allownone": false, + 
"org.forgerock.openam.showServletTraceInBrowser": false, + "org.forgerock.openam.slf4j.enableTraceInMessage": false, + "org.forgerock.openam.smtp.system.connect.timeout": "10000", + "org.forgerock.openam.smtp.system.socket.read.timeout": "10000", + "org.forgerock.openam.smtp.system.socket.write.timeout": "10000", + "org.forgerock.openam.sso.providers.list": "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOProvider", + "org.forgerock.openam.timerpool.shutdown.retry.interval": "15000", + "org.forgerock.openam.timerpool.shutdown.retry.limit": "3", + "org.forgerock.openam.timerpool.shutdown.retry.multiplier": "1.5", + "org.forgerock.openam.trees.consumedstatedata.cache.size": "15", + "org.forgerock.openam.trees.ids.cache.size": "50", + "org.forgerock.openam.url.connectTimeout": "1000", + "org.forgerock.openam.xui.user.session.validation.enabled": true, + "org.forgerock.openidconnect.ssoprovider.maxcachesize": "5000", + "org.forgerock.security.entitlement.enforce.realm": true, + "org.forgerock.security.oauth2.enforce.sub.claim.uniqueness": true, + "org.forgerock.services.cts.store.reaper.enabled": true, + "org.forgerock.services.cts.store.ttlsupport.enabled": false, + "org.forgerock.services.cts.store.ttlsupport.exclusionlist": "", + "org.forgerock.services.default.store.max.connections": "", + "org.forgerock.services.default.store.min.connections": "", + "org.forgerock.services.openid.request.object.lifespan": "120000", + "securidHelper.ports": "58943", + }, + "cts": { + "_id": "null/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": "default", + "org.forgerock.services.cts.store.max.connections": "100", + "org.forgerock.services.cts.store.page.size": "0", + "org.forgerock.services.cts.store.root.suffix": "", + "org.forgerock.services.cts.store.vlv.page.size": "1000", + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + 
"org.forgerock.services.cts.store.directory.name": "", + "org.forgerock.services.cts.store.heartbeat": "10", + "org.forgerock.services.cts.store.loginid": "", + "org.forgerock.services.cts.store.mtls.enabled": "", + "org.forgerock.services.cts.store.password": null, + "org.forgerock.services.cts.store.ssl.enabled": "", + "org.forgerock.services.cts.store.starttls.enabled": "", + }, + }, + "general": { + "_id": "null/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": "%BASE_DIR%/var/debug", + "com.iplanet.services.debug.level": "off", + "com.sun.services.debug.mergeall": "on", + }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": "en_US", + "com.iplanet.am.util.xml.validating": "off", + "com.iplanet.services.configpath": "%BASE_DIR%", + "com.sun.identity.client.notification.url": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": "localhost", + "com.iplanet.am.smtpport": "25", + }, + }, + "sdk": { + "_id": "null/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": "10000", + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": false, + "com.sun.identity.sm.notification.threadpool.size": "1", + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": "3000", + "com.iplanet.am.event.connection.ldap.error.codes.retries": "80,81,91", + "com.iplanet.am.event.connection.num.retries": "3", + "com.sun.am.event.connection.disable.list": "aci,um,sm", + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": "1000", + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": "80,81,91", + "com.iplanet.am.ldap.connection.num.retries": "3", + }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": "30", + 
"com.iplanet.am.sdk.cache.entry.expire.enabled": false, + "com.iplanet.am.sdk.cache.entry.user.expire.time": "15", + }, + }, + "security": { + "_id": "null/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": false, + "com.iplanet.am.cookie.name": "iPlanetDirectoryPro", + "com.iplanet.am.cookie.secure": false, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": "", + "com.sun.identity.crl.cache.directory.mtlsenabled": false, + "com.sun.identity.crl.cache.directory.password": null, + "com.sun.identity.crl.cache.directory.port": "", + "com.sun.identity.crl.cache.directory.searchattr": "", + "com.sun.identity.crl.cache.directory.searchlocs": "", + "com.sun.identity.crl.cache.directory.ssl": false, + "com.sun.identity.crl.cache.directory.user": "", + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgero
ck.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + "amconfig.header.encryption": { + "am.encryption.pwd": "@AM_ENC_PWD@", + "am.encryption.secret.enabled": false, + "am.encryption.secret.keystoreType": "JCEKS", + "com.iplanet.security.SecureRandomFactoryImpl": "com.iplanet.am.util.SecureRandomFactoryImpl", + "com.iplanet.security.encryptor": "com.iplanet.services.util.JCEEncryption", + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": "", + "com.sun.identity.authentication.ocsp.responder.url": "", + "com.sun.identity.authentication.ocspCheck": false, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": "test", + "com.sun.identity.saml.xmlsig.keypass": "%BASE_DIR%/security/secrets/default/.keypass", + "com.sun.identity.saml.xmlsig.keystore": "%BASE_DIR%/security/keystores/keystore.jceks", + "com.sun.identity.saml.xmlsig.storepass": "%BASE_DIR%/security/secrets/default/.storepass", + "com.sun.identity.saml.xmlsig.storetype": "JCEKS", + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": false, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": "16384", + }, + }, + "session": { + "_id": "null/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": "60", + "com.iplanet.services.stats.directory": "%BASE_DIR%/var/stats", + "com.iplanet.services.stats.state": "file", + "com.sun.am.session.enableHostLookUp": false, + }, + "amconfig.header.sessionnotification": { + "com.iplanet.am.notification.threadpool.size": "10", + "com.iplanet.am.notification.threadpool.threshold": "5000", + }, + "amconfig.header.sessionthresholds": { + 
"com.iplanet.am.session.invalidsessionmaxtime": "3", + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": "5000", + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": true, + }, + }, + "uma": { + "_id": "null/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": "default", + "org.forgerock.services.resourcesets.store.max.connections": "10", + "org.forgerock.services.resourcesets.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": "", + "org.forgerock.services.resourcesets.store.heartbeat": "10", + "org.forgerock.services.resourcesets.store.loginid": "", + "org.forgerock.services.resourcesets.store.mtls.enabled": "", + "org.forgerock.services.resourcesets.store.password": null, + "org.forgerock.services.resourcesets.store.ssl.enabled": "", + "org.forgerock.services.resourcesets.store.starttls.enabled": "", + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": "default", + "org.forgerock.services.uma.labels.store.max.connections": "2", + "org.forgerock.services.uma.labels.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": "", + "org.forgerock.services.uma.labels.store.heartbeat": "10", + "org.forgerock.services.uma.labels.store.loginid": "", + "org.forgerock.services.uma.labels.store.mtls.enabled": "", + "org.forgerock.services.uma.labels.store.password": null, + "org.forgerock.services.uma.labels.store.ssl.enabled": "", + "org.forgerock.services.uma.labels.store.starttls.enabled": "", + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + 
"org.forgerock.services.uma.pendingrequests.store.location": "default", + "org.forgerock.services.uma.pendingrequests.store.max.connections": "10", + "org.forgerock.services.uma.pendingrequests.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": "", + "org.forgerock.services.uma.pendingrequests.store.heartbeat": "10", + "org.forgerock.services.uma.pendingrequests.store.loginid": "", + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": "", + "org.forgerock.services.uma.pendingrequests.store.password": null, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": "", + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": "", + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": "default", + "org.forgerock.services.umaaudit.store.max.connections": "10", + "org.forgerock.services.umaaudit.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": "", + "org.forgerock.services.umaaudit.store.heartbeat": "10", + "org.forgerock.services.umaaudit.store.loginid": "", + "org.forgerock.services.umaaudit.store.mtls.enabled": "", + "org.forgerock.services.umaaudit.store.password": null, + "org.forgerock.services.umaaudit.store.ssl.enabled": "", + "org.forgerock.services.umaaudit.store.starttls.enabled": "", + }, + }, + }, + "server": { + "01": { + "_id": "01", + "properties": { + "advanced": { + "_id": "01/properties/advanced", + "bootstrap.file": "/root/.openamcfg/AMConfig_usr_local_tomcat_webapps_am_", + "com.iplanet.am.lbcookie.value": "01", + "com.iplanet.am.serverMode": true, + "com.iplanet.security.SSLSocketFactoryImpl": "com.sun.identity.shared.ldap.factory.JSSESocketFactory", + "com.sun.embedded.replicationport": "", + 
"com.sun.embedded.sync.servers": "on", + "com.sun.identity.common.systemtimerpool.size": "3", + "com.sun.identity.sm.sms_object_class_name": "com.sun.identity.sm.SmsWrapperObject", + "com.sun.identity.urlconnection.useCache": false, + "opensso.protocol.handler.pkgs": "", + "org.forgerock.embedded.dsadminport": "4444", + }, + "cts": { + "_id": "01/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.cts.store.max.connections": { + "inherited": true, + "value": "100", + }, + "org.forgerock.services.cts.store.page.size": { + "inherited": true, + "value": "0", + }, + "org.forgerock.services.cts.store.root.suffix": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.vlv.page.size": { + "inherited": true, + "value": "1000", + }, + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.affinity.enabled": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.cts.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + }, + "directoryConfiguration": { + "_id": "01/properties/directoryConfiguration", + "directoryConfiguration": { + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "maxConnectionPool": 10, + "minConnectionPool": 1, + "mtlsAlias": "", + 
"mtlsEnabled": false, + "mtlsKeyPasswordFile": "", + "mtlsKeyStoreFile": "", + "mtlsKeyStorePasswordFile": "", + "mtlsKeyStoreType": null, + }, + "directoryServers": [ + { + "connectionType": "SSL", + "hostName": "localhost", + "portNumber": "50636", + "serverName": "Server1", + }, + ], + }, + "general": { + "_id": "01/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/debug", + }, + "com.iplanet.services.debug.level": { + "inherited": true, + "value": "off", + }, + "com.sun.services.debug.mergeall": { + "inherited": true, + "value": "on", + }, + }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": { + "inherited": false, + "value": "en_US", + }, + "com.iplanet.am.util.xml.validating": { + "inherited": true, + "value": "off", + }, + "com.iplanet.services.configpath": { + "inherited": false, + "value": "/root/am", + }, + "com.sun.identity.client.notification.url": { + "inherited": true, + "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": { + "inherited": true, + "value": "localhost", + }, + "com.iplanet.am.smtpport": { + "inherited": true, + "value": "25", + }, + }, + "amconfig.header.site": { + "singleChoiceSite": "[Empty]", + }, + }, + "sdk": { + "_id": "01/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": { + "inherited": true, + "value": "10000", + }, + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": { + "inherited": false, + "value": true, + }, + "com.sun.identity.sm.notification.threadpool.size": { + "inherited": true, + "value": "1", + }, + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": { + "inherited": true, + "value": "3000", + }, + "com.iplanet.am.event.connection.ldap.error.codes.retries": { + "inherited": true, 
+ "value": "80,81,91", + }, + "com.iplanet.am.event.connection.num.retries": { + "inherited": true, + "value": "3", + }, + "com.sun.am.event.connection.disable.list": { + "inherited": false, + "value": "aci,um", + }, + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": { + "inherited": true, + "value": "1000", + }, + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { + "inherited": false, + "value": "80,81,91", + }, + "com.iplanet.am.ldap.connection.num.retries": { + "inherited": true, + "value": "3", + }, + }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": { + "inherited": true, + "value": "30", + }, + "com.iplanet.am.sdk.cache.entry.expire.enabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.sdk.cache.entry.user.expire.time": { + "inherited": true, + "value": "15", + }, + }, + }, + "security": { + "_id": "01/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.cookie.name": { + "inherited": true, + "value": "iPlanetDirectoryPro", + }, + "com.iplanet.am.cookie.secure": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.mtlsenabled": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.password": { + "inherited": true, + "value": null, + }, + "com.sun.identity.crl.cache.directory.port": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchattr": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchlocs": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.ssl": { + "inherited": true, + "value": false, + }, + 
"com.sun.identity.crl.cache.directory.user": { + "inherited": true, + "value": "", + }, + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": { + "inherited": true, + "value": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + }, + "amconfig.header.encryption": { + "am.encryption.pwd": { + "inherited": false, + "value": "efSYcwIhr7uKH30rgciGTVTFzb63LhYu", + }, + "am.encryption.secret.alias": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.enabled": { + "inherited": true, + "value": false, + }, + "am.encryption.secret.keyPass": { + "inherited": true, + "value": 
null, + }, + "am.encryption.secret.keystoreFile": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystorePass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreType": { + "inherited": true, + "value": "JCEKS", + }, + "com.iplanet.security.SecureRandomFactoryImpl": { + "inherited": true, + "value": "com.iplanet.am.util.SecureRandomFactoryImpl", + }, + "com.iplanet.security.encryptor": { + "inherited": true, + "value": "com.iplanet.services.util.JCEEncryption", + }, + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocsp.responder.url": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocspCheck": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": { + "inherited": true, + "value": "test", + }, + "com.sun.identity.saml.xmlsig.keypass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.keypass", + }, + "com.sun.identity.saml.xmlsig.keystore": { + "inherited": true, + "value": "%BASE_DIR%/security/keystores/keystore.jceks", + }, + "com.sun.identity.saml.xmlsig.storepass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.storepass", + }, + "com.sun.identity.saml.xmlsig.storetype": { + "inherited": true, + "value": "JCEKS", + }, + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": { + "inherited": true, + "value": "16384", + }, + }, + }, + "session": { + "_id": "01/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": { + "inherited": true, + "value": "60", + }, + "com.iplanet.services.stats.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/stats", + }, + 
"com.iplanet.services.stats.state": { + "inherited": true, + "value": "file", + }, + "com.sun.am.session.enableHostLookUp": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.sessionnotification": { + "com.iplanet.am.notification.threadpool.size": { + "inherited": true, + "value": "10", + }, + "com.iplanet.am.notification.threadpool.threshold": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": { + "inherited": true, + "value": "3", + }, + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": { + "inherited": true, + "value": true, + }, + }, + }, + "uma": { + "_id": "01/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.resourcesets.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.resourcesets.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + 
"org.forgerock.services.resourcesets.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.labels.store.max.connections": { + "inherited": true, + "value": "2", + }, + "org.forgerock.services.uma.labels.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.labels.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.labels.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.pendingrequests.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.heartbeat": { + "inherited": true, + "value": "10", + 
}, + "org.forgerock.services.uma.pendingrequests.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.umaaudit.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.umaaudit.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + }, + }, + "siteName": null, + "url": "http://localhost:8080/am", + }, + "03": { + "_id": "03", + "properties": { + "advanced": { + "_id": "03/properties/advanced", + "com.iplanet.am.lbcookie.value": "03", + }, + "cts": { + "_id": "03/properties/cts", + 
"amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.cts.store.max.connections": { + "inherited": true, + "value": "100", + }, + "org.forgerock.services.cts.store.page.size": { + "inherited": true, + "value": "0", + }, + "org.forgerock.services.cts.store.root.suffix": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.vlv.page.size": { + "inherited": true, + "value": "1000", + }, + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.affinity.enabled": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.cts.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + }, + "directoryConfiguration": { + "_id": "03/properties/directoryConfiguration", + "directoryConfiguration": { + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "maxConnectionPool": 10, + "minConnectionPool": 1, + "mtlsAlias": "", + "mtlsEnabled": false, + "mtlsKeyPasswordFile": "", + "mtlsKeyStoreFile": "", + "mtlsKeyStorePasswordFile": "", + "mtlsKeyStoreType": null, + }, + "directoryServers": [ + { + "connectionType": "SSL", + "hostName": "localhost", + "portNumber": "50636", + "serverName": "Server1", + }, + ], + }, + "general": { + "_id": "03/properties/general", + "amconfig.header.debug": { + 
"com.iplanet.services.debug.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/debug", + }, + "com.iplanet.services.debug.level": { + "inherited": true, + "value": "off", + }, + "com.sun.services.debug.mergeall": { + "inherited": true, + "value": "on", + }, + }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": { + "inherited": true, + "value": "en_US", + }, + "com.iplanet.am.util.xml.validating": { + "inherited": true, + "value": "off", + }, + "com.iplanet.services.configpath": { + "inherited": true, + "value": "%BASE_DIR%", + }, + "com.sun.identity.client.notification.url": { + "inherited": true, + "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": { + "inherited": true, + "value": "localhost", + }, + "com.iplanet.am.smtpport": { + "inherited": true, + "value": "25", + }, + }, + "amconfig.header.site": { + "singleChoiceSite": "testsite", + }, + }, + "sdk": { + "_id": "03/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": { + "inherited": true, + "value": "10000", + }, + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": { + "inherited": true, + "value": false, + }, + "com.sun.identity.sm.notification.threadpool.size": { + "inherited": true, + "value": "1", + }, + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": { + "inherited": true, + "value": "3000", + }, + "com.iplanet.am.event.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.event.connection.num.retries": { + "inherited": true, + "value": "3", + }, + "com.sun.am.event.connection.disable.list": { + "inherited": true, + "value": "aci,um,sm", + }, + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": { + "inherited": true, + "value": "1000", + }, + 
"com.iplanet.am.ldap.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.ldap.connection.num.retries": { + "inherited": true, + "value": "3", + }, + }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": { + "inherited": true, + "value": "30", + }, + "com.iplanet.am.sdk.cache.entry.expire.enabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.sdk.cache.entry.user.expire.time": { + "inherited": true, + "value": "15", + }, + }, + }, + "security": { + "_id": "03/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.cookie.name": { + "inherited": true, + "value": "iPlanetDirectoryPro", + }, + "com.iplanet.am.cookie.secure": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.mtlsenabled": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.password": { + "inherited": true, + "value": null, + }, + "com.sun.identity.crl.cache.directory.port": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchattr": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchlocs": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.ssl": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.user": { + "inherited": true, + "value": "", + }, + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": { + "inherited": true, + "value": 
"com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + }, + "amconfig.header.encryption": { + "am.encryption.pwd": { + "inherited": true, + "value": "@AM_ENC_PWD@", + }, + "am.encryption.secret.alias": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.enabled": { + "inherited": true, + "value": false, + }, + "am.encryption.secret.keyPass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreFile": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystorePass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreType": { + "inherited": true, 
+ "value": "JCEKS", + }, + "com.iplanet.security.SecureRandomFactoryImpl": { + "inherited": true, + "value": "com.iplanet.am.util.SecureRandomFactoryImpl", + }, + "com.iplanet.security.encryptor": { + "inherited": true, + "value": "com.iplanet.services.util.JCEEncryption", + }, + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocsp.responder.url": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocspCheck": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": { + "inherited": true, + "value": "test", + }, + "com.sun.identity.saml.xmlsig.keypass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.keypass", + }, + "com.sun.identity.saml.xmlsig.keystore": { + "inherited": true, + "value": "%BASE_DIR%/security/keystores/keystore.jceks", + }, + "com.sun.identity.saml.xmlsig.storepass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.storepass", + }, + "com.sun.identity.saml.xmlsig.storetype": { + "inherited": true, + "value": "JCEKS", + }, + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": { + "inherited": true, + "value": "16384", + }, + }, + }, + "session": { + "_id": "03/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": { + "inherited": true, + "value": "60", + }, + "com.iplanet.services.stats.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/stats", + }, + "com.iplanet.services.stats.state": { + "inherited": true, + "value": "file", + }, + "com.sun.am.session.enableHostLookUp": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.sessionnotification": { + 
"com.iplanet.am.notification.threadpool.size": { + "inherited": true, + "value": "10", + }, + "com.iplanet.am.notification.threadpool.threshold": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": { + "inherited": true, + "value": "3", + }, + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": { + "inherited": true, + "value": true, + }, + }, + }, + "uma": { + "_id": "03/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.resourcesets.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.resourcesets.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": { + "inherited": true, + "value": 
"default", + }, + "org.forgerock.services.uma.labels.store.max.connections": { + "inherited": true, + "value": "2", + }, + "org.forgerock.services.uma.labels.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.labels.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.labels.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.pendingrequests.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + 
"org.forgerock.services.uma.pendingrequests.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.umaaudit.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.umaaudit.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + }, + }, + "siteName": "testsite", + "url": "http://localhost:8081/am", + }, + "04": { + "_id": "04", + "properties": { + "advanced": { + "_id": "04/properties/advanced", + "com.iplanet.am.lbcookie.value": "04", + }, + "cts": { + "_id": "04/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.cts.store.max.connections": { + "inherited": true, + "value": "100", + }, + 
"org.forgerock.services.cts.store.page.size": { + "inherited": true, + "value": "0", + }, + "org.forgerock.services.cts.store.root.suffix": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.vlv.page.size": { + "inherited": true, + "value": "1000", + }, + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.affinity.enabled": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.cts.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + }, + "directoryConfiguration": { + "_id": "04/properties/directoryConfiguration", + "directoryConfiguration": { + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "maxConnectionPool": 10, + "minConnectionPool": 1, + "mtlsAlias": "", + "mtlsEnabled": false, + "mtlsKeyPasswordFile": "", + "mtlsKeyStoreFile": "", + "mtlsKeyStorePasswordFile": "", + "mtlsKeyStoreType": null, + }, + "directoryServers": [ + { + "connectionType": "SSL", + "hostName": "localhost", + "portNumber": "50636", + "serverName": "Server1", + }, + ], + }, + "general": { + "_id": "04/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/debug", + }, + "com.iplanet.services.debug.level": { + "inherited": true, + "value": "off", + }, + "com.sun.services.debug.mergeall": { + "inherited": true, + "value": "on", + 
}, + }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": { + "inherited": true, + "value": "en_US", + }, + "com.iplanet.am.util.xml.validating": { + "inherited": true, + "value": "off", + }, + "com.iplanet.services.configpath": { + "inherited": true, + "value": "%BASE_DIR%", + }, + "com.sun.identity.client.notification.url": { + "inherited": true, + "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": { + "inherited": true, + "value": "localhost", + }, + "com.iplanet.am.smtpport": { + "inherited": true, + "value": "25", + }, + }, + "amconfig.header.site": { + "singleChoiceSite": "[Empty]", + }, + }, + "sdk": { + "_id": "04/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": { + "inherited": true, + "value": "10000", + }, + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": { + "inherited": true, + "value": false, + }, + "com.sun.identity.sm.notification.threadpool.size": { + "inherited": true, + "value": "1", + }, + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": { + "inherited": true, + "value": "3000", + }, + "com.iplanet.am.event.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.event.connection.num.retries": { + "inherited": true, + "value": "3", + }, + "com.sun.am.event.connection.disable.list": { + "inherited": true, + "value": "aci,um,sm", + }, + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": { + "inherited": true, + "value": "1000", + }, + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.ldap.connection.num.retries": { + "inherited": true, + "value": "3", + }, + }, + "amconfig.header.sdktimetoliveconfig": { + 
"com.iplanet.am.sdk.cache.entry.default.expire.time": { + "inherited": true, + "value": "30", + }, + "com.iplanet.am.sdk.cache.entry.expire.enabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.sdk.cache.entry.user.expire.time": { + "inherited": true, + "value": "15", + }, + }, + }, + "security": { + "_id": "04/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.cookie.name": { + "inherited": true, + "value": "iPlanetDirectoryPro", + }, + "com.iplanet.am.cookie.secure": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.mtlsenabled": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.password": { + "inherited": true, + "value": null, + }, + "com.sun.identity.crl.cache.directory.port": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchattr": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchlocs": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.ssl": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.user": { + "inherited": true, + "value": "", + }, + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": { + "inherited": true, + "value": 
"com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + }, + "amconfig.header.encryption": { + "am.encryption.pwd": { + "inherited": true, + "value": "@AM_ENC_PWD@", + }, + "am.encryption.secret.alias": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.enabled": { + "inherited": true, + "value": false, + }, + "am.encryption.secret.keyPass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreFile": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystorePass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreType": { + "inherited": true, 
+ "value": "JCEKS", + }, + "com.iplanet.security.SecureRandomFactoryImpl": { + "inherited": true, + "value": "com.iplanet.am.util.SecureRandomFactoryImpl", + }, + "com.iplanet.security.encryptor": { + "inherited": true, + "value": "com.iplanet.services.util.JCEEncryption", + }, + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocsp.responder.url": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocspCheck": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": { + "inherited": true, + "value": "test", + }, + "com.sun.identity.saml.xmlsig.keypass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.keypass", + }, + "com.sun.identity.saml.xmlsig.keystore": { + "inherited": true, + "value": "%BASE_DIR%/security/keystores/keystore.jceks", + }, + "com.sun.identity.saml.xmlsig.storepass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.storepass", + }, + "com.sun.identity.saml.xmlsig.storetype": { + "inherited": true, + "value": "JCEKS", + }, + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": { + "inherited": true, + "value": "16384", + }, + }, + }, + "session": { + "_id": "04/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": { + "inherited": true, + "value": "60", + }, + "com.iplanet.services.stats.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/stats", + }, + "com.iplanet.services.stats.state": { + "inherited": true, + "value": "file", + }, + "com.sun.am.session.enableHostLookUp": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.sessionnotification": { + 
"com.iplanet.am.notification.threadpool.size": { + "inherited": true, + "value": "10", + }, + "com.iplanet.am.notification.threadpool.threshold": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": { + "inherited": true, + "value": "3", + }, + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": { + "inherited": true, + "value": true, + }, + }, + }, + "uma": { + "_id": "04/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.resourcesets.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.resourcesets.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": { + "inherited": true, + "value": 
"default", + }, + "org.forgerock.services.uma.labels.store.max.connections": { + "inherited": true, + "value": "2", + }, + "org.forgerock.services.uma.labels.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.labels.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.labels.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.pendingrequests.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + 
"org.forgerock.services.uma.pendingrequests.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.umaaudit.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.umaaudit.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + }, + }, + "siteName": null, + "url": "http://localhost:8082/am", + }, + }, + }, + "serverInformation": { + "*": { + "_id": "*", + "cookieName": "iPlanetDirectoryPro", + "domains": [], + "fileBasedConfiguration": false, + "forgotPassword": "false", + "forgotUsername": "false", + "kbaEnabled": "false", + "lang": "en-US", + "protectedUserAttributes": [ + "telephoneNumber", + "mail", + ], + "realm": "/", + "referralsEnabled": "false", + "secureCookie": false, + "selfRegistration": "false", + "socialImplementations": 
[], + "successfulUserRegistrationDestination": "default", + "userIdAttributes": [], + "xuiUserSessionValidationEnabled": true, + "zeroPageLogin": { + "allowedWithoutReferer": true, + "enabled": false, + "refererWhitelist": [], + }, + }, + }, + "serverVersion": { + "version": { + "_id": "version", + "date": "2024-March-28 16:00", + "fullVersion": "ForgeRock Access Management 7.5.0 Build 89116d59a1ebe73ed1931dd3649adb7f217cd06b (2024-March-28 16:00)", + "revision": "89116d59a1ebe73ed1931dd3649adb7f217cd06b", + "version": "7.5.0", + }, + }, + "service": { + "ConfigurationVersionService": { + "_id": "", + "_type": { + "_id": "ConfigurationVersionService", + "collection": false, + "name": "Configuration Version Service", + }, + "appliedRuleIds": [ + "AME-23273", + "AME-21032", + "AME-21768", + ], + "configurationVersion": "8.0.0.0", + "location": "global", + "nextDescendents": [], + }, + "CorsService": { + "_id": "", + "_type": { + "_id": "CorsService", + "collection": false, + "name": "CORS Service", + }, + "enabled": true, + "location": "global", + "nextDescendents": [], + }, + "DataStoreService": { + "_id": "", + "_type": { + "_id": "DataStoreService", + "collection": false, + "name": "External Data Stores", + }, + "defaults": { + "applicationDataStoreId": "fd270e31-1788-4193-8734-eb2d500c47f3", + "policyDataStoreId": "fd270e31-1788-4193-8734-eb2d500c47f3", + }, + "location": "global", + "nextDescendents": [], + }, + "GoogleCloudServiceAccountService": { + "_id": "", + "_type": { + "_id": "GoogleCloudServiceAccountService", + "collection": false, + "name": "Google Cloud Platform Service Accounts", + }, + "enabled": true, + "location": "global", + "nextDescendents": [ + { + "_id": "default", + "_type": { + "_id": "serviceAccounts", + "collection": true, + "name": "GCP Service Account", + }, + "allowedRealms": [ + "*", + ], + "allowedSecretNamePatterns": [ + "*", + ], + "disallowedSecretNamePatterns": [], + }, + ], + }, + "IdentityAssertionService": { + "_id": "", + 
"_type": { + "_id": "IdentityAssertionService", + "collection": false, + "name": "Identity Assertion Service", + }, + "cacheDuration": 120, + "defaults": { + "cacheDuration": 120, + "enable": true, + }, + "enable": true, + "location": "global", + "nextDescendents": [], + }, + "RadiusServerService": { + "_id": "", + "_type": { + "_id": "RadiusServerService", + "collection": false, + "name": "RADIUS Server", + }, + "location": "global", + "nextDescendents": [], + "radiusListenerEnabled": "NO", + "radiusServerPort": 1812, + "radiusThreadPoolCoreSize": 1, + "radiusThreadPoolKeepaliveSeconds": 10, + "radiusThreadPoolMaxSize": 10, + "radiusThreadPoolQueueSize": 20, + }, + "RemoteConsentService": { + "_id": "", + "_type": { + "_id": "RemoteConsentService", + "collection": false, + "name": "Remote Consent Service", + }, + "defaults": { + "consentResponseTimeLimit": 2, + "jwkStoreCacheMissCacheTime": 1, + "jwkStoreCacheTimeout": 5, + }, + "location": "global", + "nextDescendents": [], + }, + "SocialIdentityProviders": { + "_id": "", + "_type": { + "_id": "SocialIdentityProviders", + "collection": false, + "name": "Social Identity Provider Service", + }, + "defaults": { + "enabled": true, + }, + "location": "global", + "nextDescendents": [], + }, + "amSessionPropertyWhitelist": { + "_id": "", + "_type": { + "_id": "amSessionPropertyWhitelist", + "collection": false, + "name": "Session Property Whitelist Service", + }, + "defaults": { + "sessionPropertyWhitelist": [ + "AMCtxId", + ], + "whitelistedQueryProperties": [], + }, + "location": "global", + "nextDescendents": [], + }, + "androidKeyAttestation": { + "_id": "", + "_type": { + "_id": "androidKeyAttestation", + "collection": false, + "name": "Android Key Attestation", + }, + "cacheDuration": 24, + "defaults": { + "crlUrl": "https://android.googleapis.com/attestation/status", + }, + "location": "global", + "nextDescendents": [], + }, + "audit": { + "_id": "", + "_type": { + "_id": "audit", + "collection": false, + "name": 
"Audit Logging", + }, + "auditEnabled": true, + "blacklistFieldFilters": [], + "defaults": { + "auditEnabled": true, + "blacklistFieldFilters": [], + "whitelistFieldFilters": [], + }, + "location": "global", + "nextDescendents": [ + { + "_id": "Global JSON Handler", + "_type": { + "_id": "JSON", + "collection": true, + "name": "JSON", + }, + "commonHandler": { + "enabled": true, + "topics": [ + "access", + "activity", + "config", + "authentication", + ], + }, + "commonHandlerPlugin": { + "handlerFactory": "org.forgerock.openam.audit.events.handlers.JsonAuditEventHandlerFactory", + }, + "jsonBuffering": { + "bufferingMaxSize": "100000", + "bufferingWriteInterval": "5", + }, + "jsonConfig": { + "elasticsearchCompatible": false, + "location": "%BASE_DIR%/var/audit/", + "rotationRetentionCheckInterval": "5", + }, + "jsonFileRetention": { + "retentionMaxDiskSpaceToUse": "-1", + "retentionMaxNumberOfHistoryFiles": "1", + "retentionMinFreeSpaceRequired": "-1", + }, + "jsonFileRotation": { + "rotationEnabled": true, + "rotationFileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "rotationInterval": "-1", + "rotationMaxFileSize": "100000000", + "rotationTimes": [], + }, + }, + ], + "whitelistFieldFilters": [], + }, + "authenticatorOathService": { + "_id": "", + "_type": { + "_id": "authenticatorOathService", + "collection": false, + "name": "ForgeRock Authenticator (OATH) Service", + }, + "defaults": { + "authenticatorOATHDeviceSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias": "pushDeviceProfiles", + "authenticatorOATHDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorOATHDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorOATHDeviceSettingsEncryptionScheme": "NONE", + "authenticatorOATHSkippableName": "oath2faEnabled", + "oathAttrName": "oathDeviceProfiles", + }, + "location": "global", + "nextDescendents": [], + }, + "authenticatorPushService": { + "_id": "", + "_type": { + 
"_id": "authenticatorPushService", + "collection": false, + "name": "ForgeRock Authenticator (Push) Service", + }, + "defaults": { + "authenticatorPushDeviceSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "authenticatorPushDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorPushDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorPushDeviceSettingsEncryptionScheme": "NONE", + "authenticatorPushSkippableName": "push2faEnabled", + "pushAttrName": "pushDeviceProfiles", + }, + "location": "global", + "nextDescendents": [], + }, + "authenticatorWebAuthnService": { + "_id": "", + "_type": { + "_id": "authenticatorWebAuthnService", + "collection": false, + "name": "WebAuthn Profile Encryption Service", + }, + "defaults": { + "authenticatorWebAuthnDeviceSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jceks", + "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType": "JCEKS", + "authenticatorWebAuthnDeviceSettingsEncryptionScheme": "NONE", + "webauthnAttrName": "webauthnDeviceProfiles", + }, + "location": "global", + "nextDescendents": [], + }, + "baseurl": { + "_id": "", + "_type": { + "_id": "baseurl", + "collection": false, + "name": "Base URL Source", + }, + "defaults": { + "contextPath": "/am", + "source": "REQUEST_VALUES", + }, + "location": "global", + "nextDescendents": [], + }, + "dashboard": { + "_id": "", + "_type": { + "_id": "dashboard", + "collection": false, + "name": "Dashboard", + }, + "defaults": { + "assignedDashboard": [], + }, + "location": "global", + "nextDescendents": [ + { + "_id": "Google", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "Google", + "icfIdentifier": "idm magic 34", + "icon": "images/logos/googleplus.png", + "login": "http://www.google.com", + "name": "Google", + }, + { + "_id": "SalesForce", + 
"_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "SalesForce", + "icfIdentifier": "idm magic 12", + "icon": "images/logos/salesforce.png", + "login": "http://www.salesforce.com", + "name": "SalesForce", + }, + { + "_id": "ZenDesk", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "ZenDesk", + "icfIdentifier": "idm magic 56", + "icon": "images/logos/zendesk.png", + "login": "http://www.ZenDesk.com", + "name": "ZenDesk", + }, + ], + }, + "deviceBindingService": { + "_id": "", + "_type": { + "_id": "deviceBindingService", + "collection": false, + "name": "Device Binding Service", + }, + "defaults": { + "deviceBindingAttrName": "boundDevices", + "deviceBindingSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "deviceBindingSettingsEncryptionKeystorePassword": null, + "deviceBindingSettingsEncryptionKeystoreType": "JKS", + "deviceBindingSettingsEncryptionScheme": "NONE", + }, + "location": "global", + "nextDescendents": [], + }, + "deviceIdService": { + "_id": "", + "_type": { + "_id": "deviceIdService", + "collection": false, + "name": "Device ID Service", + }, + "defaults": { + "deviceIdAttrName": "devicePrintProfiles", + "deviceIdSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "deviceIdSettingsEncryptionKeystorePassword": null, + "deviceIdSettingsEncryptionKeystoreType": "JKS", + "deviceIdSettingsEncryptionScheme": "NONE", + }, + "location": "global", + "nextDescendents": [], + }, + "deviceProfilesService": { + "_id": "", + "_type": { + "_id": "deviceProfilesService", + "collection": false, + "name": "Device Profiles Service", + }, + "defaults": { + "deviceProfilesAttrName": "deviceProfiles", + "deviceProfilesSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "deviceProfilesSettingsEncryptionKeystorePassword": 
null, + "deviceProfilesSettingsEncryptionKeystoreType": "JKS", + "deviceProfilesSettingsEncryptionScheme": "NONE", + }, + "location": "global", + "nextDescendents": [], + }, + "email": { + "_id": "", + "_type": { + "_id": "email", + "collection": false, + "name": "Email Service", + }, + "defaults": { + "emailAddressAttribute": "mail", + "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", + "emailRateLimitSeconds": 1, + "port": 465, + "sslState": "SSL", + }, + "location": "global", + "nextDescendents": [], + }, + "federation/common": { + "_id": "", + "_type": { + "_id": "federation/common", + "collection": false, + "name": "Common Federation Configuration", + }, + "algorithms": { + "DigestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256", + "QuerySignatureAlgorithmDSA": "http://www.w3.org/2009/xmldsig11#dsa-sha256", + "QuerySignatureAlgorithmEC": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", + "QuerySignatureAlgorithmRSA": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", + "aesKeyWrapAlgorithm": "http://www.w3.org/2001/04/xmlenc#kw-aes256", + "canonicalizationAlgorithm": "http://www.w3.org/2001/10/xml-exc-c14n#", + "maskGenerationFunction": "http://www.w3.org/2009/xmlenc11#mgf1sha256", + "rsaKeyTransportAlgorithm": "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", + "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", + "transformationAlgorithm": "http://www.w3.org/2001/10/xml-exc-c14n#", + }, + "generalConfig": { + "certificateChecking": "on", + "maxContentLength": 20480, + "samlErrorPageHttpBinding": "HTTP-POST", + "samlErrorPageUrl": "/saml2/jsp/saml2error.jsp", + }, + "implementationClasses": { + "configurationClass": "com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl", + "datastoreClass": "com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider", + "keyProviderClass": "com.sun.identity.saml.xmlsig.JKSKeyProvider", + "loggerClass": 
"com.sun.identity.plugin.log.impl.LogProvider", + "passwordDecoderClass": "com.sun.identity.saml.xmlsig.FMPasswordDecoder", + "rootUrlProviderClass": "org.forgerock.openam.federation.plugin.rooturl.impl.FmRootUrlProvider", + "sessionProviderClass": "com.sun.identity.plugin.session.impl.FMSessionProvider", + "signatureProviderClass": "com.sun.identity.saml.xmlsig.AMSignatureProvider", + }, + "location": "global", + "montoring": { + "monitoringAgentClass": "com.sun.identity.plugin.monitoring.impl.AgentProvider", + "monitoringSaml2Class": "com.sun.identity.plugin.monitoring.impl.FedMonSAML2SvcProvider", + }, + "nextDescendents": [], + }, + "federation/multi": { + "_id": "", + "_type": { + "_id": "federation/multi", + "collection": false, + "name": "Multi-Federation Protocol", + }, + "location": "global", + "nextDescendents": [], + "singleLogoutHandlerList": [ + "key=WSFED|class=com.sun.identity.multiprotocol.WSFederationSingleLogoutHandler", + "key=SAML2|class=com.sun.identity.multiprotocol.SAML2SingleLogoutHandler", + ], + }, + "federation/saml2soapbinding": { + "_id": "", + "_type": { + "_id": "federation/saml2soapbinding", + "collection": false, + "name": "SAML v2.0 SOAP Binding", + }, + "location": "global", + "nextDescendents": [], + "requestHandlers": [], + }, + "globalization": { + "_id": "", + "_type": { + "_id": "globalization", + "collection": false, + "name": "Globalization Settings", + }, + "charsetMappings": [ + "locale=zh|charset=UTF-8;GB2312", + "locale=ar|charset=UTF-8;ISO-8859-6", + "locale=es|charset=UTF-8;ISO-8859-15", + "locale=de|charset=UTF-8;ISO-8859-15", + "locale=zh_TW|charset=UTF-8;BIG5", + "locale=fr|charset=UTF-8;ISO-8859-15", + "locale=ko|charset=UTF-8;EUC-KR", + "locale=en|charset=UTF-8;ISO-8859-1", + "locale=th|charset=UTF-8;TIS-620", + "locale=ja|charset=UTF-8;Shift_JIS;EUC-JP", + ], + "defaults": { + "commonNameFormats": [ + "zh={sn}{givenname}", + ], + }, + "location": "global", + "nextDescendents": [], + 
"sun-identity-g11n-settings-charset-alias-mapping": [ + "mimeName=EUC-KR|javaName=EUC_KR", + "mimeName=EUC-JP|javaName=EUC_JP", + "mimeName=Shift_JIS|javaName=SJIS", + ], + }, + "id-repositories": { + "_id": "", + "_type": { + "_id": "id-repositories", + "collection": false, + "name": "sunIdentityRepositoryService", + }, + "defaults": { + "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", + "sunIdRepoAttributeValidator": [ + "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", + "minimumPasswordLength=8", + "usernameInvalidChars=*|(|)|&|!", + ], + }, + "location": "global", + "nextDescendents": [ + { + "_id": "agent", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "agentgroup", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "agentonly", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "filteredrole", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "group", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "realm", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "role", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "user", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "amAdmin", + "_type": { + "_id": "user", + "collection": true, + "name": "User", + }, + "cn": "amAdmin", + "dn": "uid=amAdmin,ou=people,", + "givenName": "amAdmin", + "inetUserStatus": "Active", + "iplanet-am-user-auth-config": "[Empty]", + "roles": [], + "sn": "amAdmin", + 
"userPassword": null, + }, + { + "_id": "anonymous", + "_type": { + "_id": "user", + "collection": true, + "name": "User", + }, + "cn": "anonymous", + "dn": "uid=anonymous,ou=people,", + "givenName": "anonymous", + "inetUserStatus": "Inactive", + "iplanet-am-user-auth-config": "[Empty]", + "roles": [], + "sn": "anonymous", + "userPassword": null, + }, + { + "_id": "dsameuser", + "_type": { + "_id": "user", + "collection": true, + "name": "User", + }, + "dn": "cn=dsameuser,ou=DSAME Users,", + "inetUserStatus": "Active", + "iplanet-am-user-auth-config": "[Empty]", + "roles": [], + "userPassword": null, + }, + ], + }, + "idm-integration": { + "_id": "", + "_type": { + "_id": "idm-integration", + "collection": false, + "name": "IDM Provisioning", + }, + "configurationCacheDuration": 0, + "enabled": false, + "idmProvisioningClient": "idm-provisioning", + "jwtSigningCompatibilityMode": false, + "location": "global", + "nextDescendents": [], + "provisioningClientScopes": [ + "fr:idm:*", + ], + "useInternalOAuth2Provider": false, + }, + "iot": { + "_id": "", + "_type": { + "_id": "iot", + "collection": false, + "name": "IoT Service", + }, + "defaults": { + "attributeAllowlist": [ + "thingConfig", + ], + "createOAuthClient": false, + "createOAuthJwtIssuer": false, + "oauthClientName": "forgerock-iot-oauth2-client", + "oauthJwtIssuerName": "forgerock-iot-jwt-issuer", + }, + "location": "global", + "nextDescendents": [], + }, + "logging": { + "_id": "", + "_type": { + "_id": "logging", + "collection": false, + "name": "Logging", + }, + "database": { + "databaseFailureMemoryBufferSize": 2, + "driver": "oracle.jdbc.driver.OracleDriver", + "maxRecords": 500, + "user": "dbuser", + }, + "file": { + "location": "%BASE_DIR%/var/audit/", + "maxFileSize": 100000000, + "numberHistoryFiles": 1, + "rotationEnabled": true, + "rotationInterval": -1, + "suffix": "-MM.dd.yy-kk.mm", + }, + "general": { + "bufferSize": 25, + "bufferTime": 60, + "buffering": "ON", + "certificateStore": 
"%BASE_DIR%/var/audit/Logger.jks", + "fields": [ + "IPAddr", + "LoggedBy", + "LoginID", + "NameID", + "ModuleName", + "ContextID", + "Domain", + "LogLevel", + "HostName", + "MessageID", + ], + "filesPerKeystore": 5, + "jdkLoggingLevel": "INFO", + "security": "OFF", + "signaturePeriod": 900, + "signingAlgorithm": "SHA1withRSA", + "status": "INACTIVE", + "type": "File", + "verifyPeriod": 3600, + }, + "location": "global", + "nextDescendents": [], + "resolveHostName": false, + "syslog": { + "facility": "local5", + "host": "localhost", + "port": 514, + "protocol": "UDP", + "timeout": 30, + }, + }, + "monitoring": { + "_id": "", + "_type": { + "_id": "monitoring", + "collection": false, + "name": "Monitoring", + }, + "authfilePath": "%BASE_DIR%/security/openam_mon_auth", + "enabled": true, + "httpEnabled": false, + "httpPort": 8082, + "location": "global", + "nextDescendents": [ + { + "_id": "crest", + "_type": { + "_id": "crest", + "collection": true, + "name": "CREST Reporter", + }, + "enabled": false, + }, + { + "_id": "prometheus", + "_type": { + "_id": "prometheus", + "collection": true, + "name": "Prometheus Reporter", + }, + "authenticationType": "BASIC", + "enabled": false, + "password": null, + "username": "prometheus", + }, + ], + "policyHistoryWindowSize": 10000, + "rmiEnabled": false, + "rmiPort": 9999, + "sessionHistoryWindowSize": 10000, + "snmpEnabled": false, + "snmpPort": 8085, + }, + "naming": { + "_id": "", + "_type": { + "_id": "naming", + "collection": false, + "name": "Naming", + }, + "endpointConfig": { + "jaxwsUrl": "%protocol://%host:%port%uri/identityservices/", + "stsMexUrl": "%protocol://%host:%port%uri/sts/mex", + "stsUrl": "%protocol://%host:%port%uri/sts", + }, + "federationConfig": { + "jaxrpcUrl": "%protocol://%host:%port%uri/jaxrpc/", + "samlAssertionManagerUrl": "%protocol://%host:%port%uri/AssertionManagerServlet/AssertionManagerIF", + "samlAwareServletUrl": "%protocol://%host:%port%uri/SAMLAwareServlet", + "samlPostServletUrl": 
"%protocol://%host:%port%uri/SAMLPOSTProfileServlet", + "samlSoapReceiverUrl": "%protocol://%host:%port%uri/SAMLSOAPReceiver", + }, + "generalConfig": { + "authUrl": "%protocol://%host:%port%uri/authservice", + "loggingUrl": "%protocol://%host:%port%uri/loggingservice", + "policyUrl": "%protocol://%host:%port%uri/policyservice", + "profileUrl": "%protocol://%host:%port%uri/profileservice", + "sessionUrl": "%protocol://%host:%port%uri/sessionservice", + }, + "location": "global", + "nextDescendents": [], + }, + "oauth-oidc": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "allowUnauthorisedAccessToUserCodeForm": false, + "blacklistCacheSize": 10000, + "blacklistPollInterval": 60, + "blacklistPurgeDelay": 1, + "defaults": { + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + 
"code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + 
"ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + 
"ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", 
+ ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + 
"oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + }, + }, + "jwtTokenLifetimeValidationEnabled": true, + "jwtTokenRequiredClaims": [], + "jwtTokenUnreasonableLifetime": 86400, + "location": "global", + "nextDescendents": [], + "statelessGrantTokenUpgradeCompatibilityMode": false, + "storageScheme": "CTS_ONE_TO_ONE_MODEL", + }, + "pingOneWorkerService": { + "_id": "", + "_type": { + "_id": "pingOneWorkerService", + "collection": false, + "name": "PingOne Worker Service", + }, + "defaults": { + "enabled": true, + }, + "location": "global", + "nextDescendents": [], + }, + "platform": { + "_id": "", + "_type": { + "_id": "platform", + "collection": false, + "name": "Platform", + }, + "cookieDomains": [], + "locale": "en_US", + "location": "global", + "nextDescendents": [], + }, + "policyconfiguration": { + "_id": "", + "_type": { + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", + }, + "continueEvaluationOnDeny": false, + "defaults": { + "bindDn": "cn=Directory Manager", + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "localhost:50636", + ], + "maximumSearchResults": 100, + "mtlsEnabled": false, + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", + }, + "location": 
"global", + "nextDescendents": [], + "realmAliasReferrals": false, + "resourceComparators": [ + "serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|oneLevelWildcard=-*-|delimiter=/|caseSensitive=false", + ], + }, + "pushNotification": { + "_id": "", + "_type": { + "_id": "pushNotification", + "collection": false, + "name": "Push Notification Service", + }, + "defaults": { + "delegateFactory": "org.forgerock.openam.services.push.sns.SnsHttpDelegateFactory", + "mdCacheSize": 10000, + "mdConcurrency": 16, + "mdDuration": 120, + "region": "us-east-1", + }, + "location": "global", + "nextDescendents": [], + }, + "rest": { + "_id": "", + "_type": { + "_id": "rest", + "collection": false, + "name": "REST APIs", + }, + "csrfFilterEnabled": true, + "defaultProtocolVersion": "Latest", + "defaultVersion": "Latest", + "descriptionsState": "STATIC", + "location": "global", + "nextDescendents": [], + "warningHeader": true, + }, + "saml2": { + "_id": "", + "_type": { + "_id": "saml2", + "collection": false, + "name": "SAML v2.0 Service Configuration", + }, + "bufferLength": 2048, + "caCertValidation": false, + "cacheCleanupInterval": 600, + "encryptedKeyInKeyInfo": true, + "idpDiscoveryCookieType": "PERSISTENT", + "idpDiscoveryUrlSchema": "HTTPS", + "location": "global", + "nameIDInfoAttribute": "sun-fm-saml2-nameid-info", + "nameIDInfoKeyAttribute": "sun-fm-saml2-nameid-infokey", + "nextDescendents": [], + "signingCertValidation": false, + "xmlEncryptionClass": "com.sun.identity.saml2.xmlenc.FMEncProvider", + "xmlSigningClass": "com.sun.identity.saml2.xmlsig.FMSigProvider", + }, + "security": { + "_id": "", + "_type": { + "_id": "security", + "collection": false, + "name": "Legacy User Self Service", + }, + "defaults": { + "confirmationIdHmacKey": "YcGfeuzSM14OG5djEcxEnvPydX28nsuxAZyDX1VA8iY=", + "forgotPasswordConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "forgotPasswordEnabled": false, + 
"forgotPasswordTokenLifetime": 900, + "protectedUserAttributes": [], + "selfRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "selfRegistrationEnabled": false, + "selfRegistrationTokenLifetime": 900, + "selfServiceEnabled": false, + "userRegisteredDestination": "default", + }, + "location": "global", + "nextDescendents": [], + }, + "selfService": { + "_id": "", + "_type": { + "_id": "selfService", + "collection": false, + "name": "User Self-Service", + }, + "defaults": { + "advancedConfig": { + "forgottenPasswordConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#passwordReset/", + "forgottenPasswordServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenPasswordConfigProvider", + "forgottenUsernameServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenUsernameConfigProvider", + "userRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#register/", + "userRegistrationServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.UserRegistrationConfigProvider", + }, + "forgottenPassword": { + "forgottenPasswordCaptchaEnabled": false, + "forgottenPasswordEmailBody": [ + "en|

Click on this link to reset your password.

", + ], + "forgottenPasswordEmailSubject": [ + "en|Forgotten password email", + ], + "forgottenPasswordEmailVerificationEnabled": true, + "forgottenPasswordEnabled": false, + "forgottenPasswordKbaEnabled": false, + "forgottenPasswordTokenPaddingLength": 450, + "forgottenPasswordTokenTTL": 300, + "numberOfAllowedAttempts": 1, + "numberOfAttemptsEnforced": false, + }, + "forgottenUsername": { + "forgottenUsernameCaptchaEnabled": false, + "forgottenUsernameEmailBody": [ + "en|

Your username is %username%.

", + ], + "forgottenUsernameEmailSubject": [ + "en|Forgotten username email", + ], + "forgottenUsernameEmailUsernameEnabled": true, + "forgottenUsernameEnabled": false, + "forgottenUsernameKbaEnabled": false, + "forgottenUsernameShowUsernameEnabled": false, + "forgottenUsernameTokenTTL": 300, + }, + "generalConfig": { + "captchaVerificationUrl": "https://www.google.com/recaptcha/api/siteverify", + "kbaQuestions": [ + "4|en|What is your mother's maiden name?", + "3|en|What was the name of your childhood pet?", + "2|en|What was the model of your first car?", + "1|en|What is the name of your favourite restaurant?", + ], + "minimumAnswersToDefine": 1, + "minimumAnswersToVerify": 1, + "validQueryAttributes": [ + "uid", + "mail", + "givenName", + "sn", + ], + }, + "profileManagement": { + "profileAttributeWhitelist": [ + "uid", + "telephoneNumber", + "mail", + "kbaInfo", + "givenName", + "sn", + "cn", + ], + "profileProtectedUserAttributes": [ + "telephoneNumber", + "mail", + ], + }, + "userRegistration": { + "userRegisteredDestination": "default", + "userRegistrationCaptchaEnabled": false, + "userRegistrationEmailBody": [ + "en|

Click on this link to register.

", + ], + "userRegistrationEmailSubject": [ + "en|Registration email", + ], + "userRegistrationEmailVerificationEnabled": true, + "userRegistrationEmailVerificationFirstEnabled": false, + "userRegistrationEnabled": false, + "userRegistrationKbaEnabled": false, + "userRegistrationTokenTTL": 300, + "userRegistrationValidUserAttributes": [ + "userPassword", + "mail", + "givenName", + "kbaInfo", + "inetUserStatus", + "sn", + "username", + ], + }, + }, + "location": "global", + "nextDescendents": [], + }, + "selfServiceTrees": { + "_id": "", + "_type": { + "_id": "selfServiceTrees", + "collection": false, + "name": "Self Service Trees", + }, + "defaults": { + "enabled": true, + "treeMapping": {}, + }, + "location": "global", + "nextDescendents": [], + }, + "session": { + "_id": "", + "_type": { + "_id": "session", + "collection": false, + "name": "Session", + }, + "dynamic": { + "maxCachingTime": 3, + "maxIdleTime": 30, + "maxSessionTime": 120, + "quotaLimit": 5, + }, + "general": { + "crossUpgradeReferenceFlag": false, + "dnRestrictionOnly": false, + "latestAccessTimeUpdateFrequency": 60, + "timeoutHandlers": [], + }, + "location": "global", + "nextDescendents": [], + "notifications": { + "notificationPropertyList": [], + "propertyChangeNotifications": "OFF", + }, + "quotas": { + "behaviourWhenQuotaExhausted": "org.forgerock.openam.session.service.DestroyNextExpiringAction", + "denyLoginWhenRepoDown": "NO", + "iplanet-am-session-enable-session-constraint": "OFF", + "quotaConstraintMaxWaitTime": 6000, + }, + "search": { + "maxSessionListSize": 120, + "sessionListRetrievalTimeout": 5, + }, + "stateless": { + "openam-session-stateless-blacklist-cache-size": 10000, + "openam-session-stateless-blacklist-poll-interval": 60, + "openam-session-stateless-blacklist-purge-delay": 1, + "openam-session-stateless-enable-session-blacklisting": false, + "openam-session-stateless-logout-poll-interval": 60, + "statelessCompressionType": "NONE", + "statelessEncryptionAesKey": null, + 
"statelessEncryptionType": "DIRECT", + "statelessLogoutByUser": false, + "statelessSigningHmacSecret": null, + "statelessSigningType": "HS256", + }, + }, + "socialauthentication": { + "_id": "", + "_type": { + "_id": "socialauthentication", + "collection": false, + "name": "Social Authentication Implementations", + }, + "defaults": { + "authenticationChains": {}, + "displayNames": {}, + "enabledKeys": [], + "icons": {}, + }, + "location": "global", + "nextDescendents": [], + }, + "transaction": { + "_id": "", + "_type": { + "_id": "transaction", + "collection": false, + "name": "Transaction Authentication Service", + }, + "defaults": { + "timeToLive": "180", + }, + "location": "global", + "nextDescendents": [], + }, + "uma": { + "_id": "", + "_type": { + "_id": "uma", + "collection": false, + "name": "UMA Provider", + }, + "defaults": { + "claimsGathering": { + "claimsGatheringService": "[Empty]", + "interactiveClaimsGatheringEnabled": false, + "pctLifetime": 604800, + }, + "generalSettings": { + "deletePoliciesOnDeleteRS": true, + "deleteResourceSetsOnDeleteRS": true, + "emailRequestingPartyOnPendingRequestApproval": true, + "emailResourceOwnerOnPendingRequestCreation": true, + "grantResourceOwnerImplicitConsent": true, + "grantRptConditions": [ + "REQUEST_PARTIAL", + "REQUEST_NONE", + "TICKET_PARTIAL", + ], + "pendingRequestsEnabled": true, + "permissionTicketLifetime": 120, + "resharingMode": "IMPLICIT", + "userProfileLocaleAttribute": "inetOrgPerson", + }, + }, + "location": "global", + "nextDescendents": [], + "umaPolicyUpgradeCompatibilityMode": false, + }, + "user": { + "_id": "", + "_type": { + "_id": "user", + "collection": false, + "name": "User", + }, + "dynamic": { + "defaultUserStatus": "Active", + }, + "location": "global", + "nextDescendents": [], + }, + "validation": { + "_id": "", + "_type": { + "_id": "validation", + "collection": false, + "name": "Validation Service", + }, + "defaults": { + "validGotoDestinations": [], + }, + "location": 
"global", + "nextDescendents": [], + "validGotoDestinations": [], + }, + }, + "site": { + "testsite": { + "_id": "testsite", + "secondaryURLs": [], + "servers": [ + { + "id": "03", + "url": "http://localhost:8081/am", + }, + ], + "url": "http://testurl.com:8080", + }, + }, + "webhookService": { + "webhooks": { + "_id": "", + "_type": { + "_id": "webhooks", + "collection": false, + "name": "Webhook Service", + }, + }, + }, + }, + "meta": Any, + "realm": { + "root": { + "agent": { + "Test IG": { + "_id": "Test IG", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "None", + "secretLabelIdentifier": null, + "status": "Active", + "userpassword": null, + }, + "Test SOAP STS": { + "_id": "Test SOAP STS", + "_type": { + "_id": "SoapSTSAgent", + "collection": true, + "name": "SOAP STS Agents", + }, + "agentgroup": null, + "publishServicePollInterval": 300, + }, + "Test Web": { + "_id": "Test Web", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + 
"conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testurl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + 
"repositoryLocation": "centralized", + "resetIdleTime": false, + "secretLabelIdentifier": null, + "ssoOnlyMode": false, + "status": "Active", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + "my-policy-agent": { + "_id": "my-policy-agent", + "_type": { + "_id": "2.2_Agent", + "collection": true, + "name": "Policy Agents", + }, + "cdssoRootUrl": [], + "description": null, + "status": "Active", + "userpassword": null, + }, + "test": { + "_id": "test", + "_type": { + "_id": "RemoteConsentAgent", + "collection": true, + "name": "OAuth2 Remote Consent Service", + }, + "agentgroup": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "remoteConsentRedirectUrl": null, + "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentRequestEncryptionEnabled": true, + 
"remoteConsentRequestEncryptionMethod": "A128GCM", + "remoteConsentRequestSigningAlgorithm": "RS256", + "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentResponseEncryptionMethod": "A128GCM", + "remoteConsentResponseSigningAlg": "RS256", + "requestTimeLimit": 180, + }, + "test java": { + "_id": "test java", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": 
"iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": "Test Java Group", + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", 
+ "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "secretLabelIdentifier": null, + "status": "Active", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/test/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + 
"", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/test/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + "test software publisher": { + "_id": "test software publisher", + "_type": { + "_id": "SoftwarePublisher", + "collection": true, + "name": "OAuth2 Software Publisher", + }, + "agentgroup": null, + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "softwareStatementSigningAlgorithm": "RS256", + }, + }, + "agentGroup": { + "Oauth2 group": { + "_id": "Oauth2 group", + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "authorizationCodeLifetime": 0, + 
"clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [], + "status": "Active", + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [], + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, + }, + }, + "Remote consent group": { + "_id": "Remote consent group", + "_type": { + "_id": "RemoteConsentAgent", + "collection": true, + "name": "OAuth2 
Remote Consent Service", + }, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "remoteConsentRedirectUrl": null, + "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentRequestEncryptionEnabled": true, + "remoteConsentRequestEncryptionMethod": "A128GCM", + "remoteConsentRequestSigningAlgorithm": "RS256", + "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentResponseEncryptionMethod": "A128GCM", + "remoteConsentResponseSigningAlg": "RS256", + "requestTimeLimit": 180, + }, + "Software publisher group": { + "_id": "Software publisher group", + "_type": { + "_id": "SoftwarePublisher", + "collection": true, + "name": "OAuth2 Software Publisher", + }, + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "softwareStatementSigningAlgorithm": "RS256", + }, + "Test IG Group": { + "_id": "Test IG Group", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "None", + "status": "Active", + }, + "Test Java Group": { + "_id": "Test Java Group", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + 
"possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + 
"notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "status": "Active", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + 
"agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": null, + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": {}, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": null, + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + "Test SOAP STS group": { + "_id": "Test SOAP STS group", + "_type": { + "_id": "SoapSTSAgent", + "collection": true, + "name": "SOAP STS Agents", + }, + "publishServicePollInterval": 300, + }, + "Test Web Group": { + "_id": "Test Web Group", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + 
"", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": null, + "amLbCookieEnable": false, + 
"auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Active", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + "Trusted JWT group": { + "_id": "Trusted JWT group", + "_type": { + "_id": "TrustedJwtIssuer", + "collection": true, + "name": "OAuth2 Trusted JWT Issuer", + }, + "allowedSubjects": [], + "consentedScopesClaim": "scope", + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "resourceOwnerIdentityClaim": "sub", + }, + "testwebgroup": { + "_id": "testwebgroup", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web 
Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://test.com:8080/cool/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + 
"notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Active", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, + "application": { + "test client": { + "_id": "test client", + 
"_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + 
"supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + 
"PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + 
"overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + }, + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", + }, + "advancedOAuth2ClientConfig": { 
+ "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [], + "secretLabelIdentifier": null, + "status": "Active", + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [], + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + 
"evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]", + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + 
"userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, + }, + }, + }, + "applicationTypes": { + "iPlanetAMWebAgentService": { + "_id": "iPlanetAMWebAgentService", + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "iPlanetAMWebAgentService", + "resourceComparator": "com.sun.identity.entitlement.URLResourceName", + "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", + "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", + }, + "sunAMDelegationService": { + "_id": "sunAMDelegationService", + "actions": { + "DELEGATE": true, + "MODIFY": true, + "READ": true, + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "sunAMDelegationService", + "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", + "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", + "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", + }, + "umaApplicationType": { + "_id": "umaApplicationType", + "actions": {}, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "umaApplicationType", + "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", + "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", + "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", + }, + }, + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "ldapService", + "orgConfig": "ldapService", + }, + 
"general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "authenticationChains": { + "amsterService": { + "_id": "amsterService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "Amster", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + "ldapService": { + "_id": "ldapService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "DataStore", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + }, + "authenticationModules": { + "amster": { + "_id": "amster", + "_type": { + "_id": "amster", + "collection": true, + "name": "ForgeRock Amster", + }, + "authenticationLevel": 0, + 
"authorizedKeys": "/root/am/security/keys/amster/authorized_keys", + "enabled": true, + }, + "datastore": { + "_id": "datastore", + "_type": { + "_id": "datastore", + "collection": true, + "name": "Data Store", + }, + "authenticationLevel": 0, + }, + "federation": { + "_id": "federation", + "_type": { + "_id": "federation", + "collection": true, + "name": "Federation", + }, + "authenticationLevel": 0, + }, + "hotp": { + "_id": "hotp", + "_type": { + "_id": "hotp", + "collection": true, + "name": "HOTP", + }, + "authenticationLevel": 0, + "autoSendOTP": false, + "otpDeliveryMethod": "SMS and E-mail", + "otpLength": "8", + "otpMaxRetry": 3, + "otpValidityDuration": 5, + "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "smtpFromAddress": "no-reply@openam.org", + "smtpHostPort": 465, + "smtpHostname": "smtp.gmail.com", + "smtpSslEnabled": "SSL", + "smtpUserPassword": null, + "smtpUsername": "opensso.sun", + "userProfileEmailAttribute": "mail", + "userProfileTelephoneAttribute": "telephoneNumber", + }, + "ldap": { + "_id": "ldap", + "_type": { + "_id": "ldap", + "collection": true, + "name": "LDAP", + }, + "authenticationLevel": 0, + "beheraPasswordPolicySupportEnabled": true, + "connectionHeartbeatInterval": 10, + "connectionHeartbeatTimeUnit": "SECONDS", + "minimumPasswordLength": "8", + "openam-auth-ldap-connection-mode": "LDAPS", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userBindPassword": null, + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + }, + "oath": { + "_id": "oath", + "_type": { + "_id": "oath", + "collection": true, + "name": "OATH", + }, 
+ "addChecksum": "False", + "authenticationLevel": 0, + "forgerock-oath-maximum-clock-drift": 0, + "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", + "hotpWindowSize": 100, + "minimumSecretKeyLength": "32", + "oathAlgorithm": "HOTP", + "oathOtpMaxRetry": 3, + "passwordLength": "6", + "stepsInWindow": 2, + "timeStepSize": 30, + "truncationOffset": -1, + }, + "sae": { + "_id": "sae", + "_type": { + "_id": "sae", + "collection": true, + "name": "SAE", + }, + "authenticationLevel": 0, + }, + }, + "conditionTypes": { + "AMIdentityMembership": { + "_id": "AMIdentityMembership", + "config": { + "properties": { + "amIdentityName": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AMIdentityMembership", + }, + "AND": { + "_id": "AND", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "AND", + }, + "AuthLevel": { + "_id": "AuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthLevel", + }, + "AuthScheme": { + "_id": "AuthScheme", + "config": { + "properties": { + "applicationIdleTimeout": { + "type": "integer", + }, + "applicationName": { + "type": "string", + }, + "authScheme": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthScheme", + }, + "AuthenticateToRealm": { + "_id": "AuthenticateToRealm", + "config": { + "properties": { + "authenticateToRealm": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthenticateToRealm", + }, + "AuthenticateToService": { + "_id": "AuthenticateToService", + "config": { + "properties": { + "authenticateToService": { + "type": "string", + }, + }, + "type": "object", + }, + 
"logical": false, + "title": "AuthenticateToService", + }, + "IPv4": { + "_id": "IPv4", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "IPv4", + }, + "IPv6": { + "_id": "IPv6", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "IPv6", + }, + "LDAPFilter": { + "_id": "LDAPFilter", + "config": { + "properties": { + "ldapFilter": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "LDAPFilter", + }, + "LEAuthLevel": { + "_id": "LEAuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "LEAuthLevel", + }, + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "condition": { + "properties": {}, + "type": "object", + }, + }, + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + "OAuth2Scope": { + "_id": "OAuth2Scope", + "config": { + "properties": { + "requiredScopes": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "OAuth2Scope", + }, + "OR": { + "_id": "OR", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "OR", + }, + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Policy", + }, + "ResourceEnvIP": { + "_id": "ResourceEnvIP", + "config": { + "properties": { + "resourceEnvIPConditionValue": { + "items": { + "type": 
"string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "ResourceEnvIP", + }, + "Script": { + "_id": "Script", + "config": { + "properties": { + "scriptId": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Script", + }, + "Session": { + "_id": "Session", + "config": { + "properties": { + "maxSessionTime": { + "type": "integer", + }, + "terminateSession": { + "required": true, + "type": "boolean", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Session", + }, + "SessionProperty": { + "_id": "SessionProperty", + "config": { + "properties": { + "ignoreValueCase": { + "required": true, + "type": "boolean", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", + }, + "logical": false, + "title": "SessionProperty", + }, + "SimpleTime": { + "_id": "SimpleTime", + "config": { + "properties": { + "endDate": { + "type": "string", + }, + "endDay": { + "type": "string", + }, + "endTime": { + "type": "string", + }, + "enforcementTimeZone": { + "type": "string", + }, + "startDate": { + "type": "string", + }, + "startDay": { + "type": "string", + }, + "startTime": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "SimpleTime", + }, + "Transaction": { + "_id": "Transaction", + "config": { + "properties": { + "authenticationStrategy": { + "type": "string", + }, + "strategySpecifier": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Transaction", + }, + }, + "decisionCombiners": { + "DenyOverride": { + "_id": "DenyOverride", + "title": "DenyOverride", + }, + }, + "idp": { + "Google Test": { + "_id": "Google Test", + "_type": { + "_id": "googleConfig", + "collection": true, + "name": "Client configuration for Google.", + }, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "clientAuthenticationMethod": 
"CLIENT_SECRET_POST", + "clientId": "test", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://accounts.google.com", + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://testurl.com", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email", + ], + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "transform": "58d29080-4563-480b-89bb-1e7719776a21", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; color: #757575; border-color: #ddd;", + "buttonCustomStyleHover": "color: #6d6d6d; background-color: #eee; border-color: #ccc;", + "buttonDisplayName": "Google", + "buttonImage": "images/g-logo.png", + "iconBackground": "#4184f3", + "iconClass": "fa-google", + "iconFontColor": "white", + }, + "useCustomTrustStore": false, + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://accounts.google.com/.well-known/openid-configuration", + }, + }, + "policy": { + "Test Policy": { + "_id": "Test Policy", + "actionValues": {}, + "active": true, + "applicationName": "iPlanetAMWebAgentService", + "createdBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": "2024-06-27T17:07:04.220Z", + "description": "", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": "2024-10-09T21:36:26.771Z", + "name": "Test Policy", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/*?*", + ], + "subject": { + "subjects": [ + { + "type": "NONE", + }, + { + "subjectValues": [ + 
"id=phales,ou=user,dc=openam,dc=forgerock,dc=org", + ], + "type": "Identity", + }, + ], + "type": "AND", + }, + }, + }, + "policyset": { + "iPlanetAMWebAgentService": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AND", + "OR", + "NOT", + "AMIdentityMembership", + "AuthLevel", + "LEAuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "OAuth2Scope", + "ResourceEnvIP", + "Session", + "SessionProperty", + "SimpleTime", + "Script", + "Transaction", + ], + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1718897366825, + "description": "The built-in Application used by OpenAM Policy Agents.", + "displayName": "Default Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786744, + "name": "iPlanetAMWebAgentService", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "OR", + "NOT", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + ], + }, + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AND", + "OR", + "NOT", + "AMIdentityMembership", + "AuthLevel", + "LEAuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "OAuth2Scope", + "ResourceEnvIP", + "Session", + "SessionProperty", + "SimpleTime", + "Script", + "Transaction", + ], + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1718897366918, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": 
"id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786761, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "OR", + "NOT", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + ], + }, + }, + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1422892465848, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786629, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + }, + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, + }, + "createdBy": "id=dsameuser,ou=user,dc=openam,dc=forgerock,dc=org", + "creationDate": 1517161800564, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2 policy-provided scope.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509786611, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", + ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + }, + }, + "saml": { + "cot": { + "Test COT": { + "_id": "Test COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [], + }, + }, + "hosted": { + "VGVzdCBFbnRpdHk": { + "_id": "VGVzdCBFbnRpdHk", + "entityId": "Test Entity", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + 
"idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "http://localhost:8080/am/idpsaehandler/metaAlias/test", + }, + "sessionSynchronization": {}, + }, + "assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": {}, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/AIDReqSoap/IDPRole/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": 
"http://localhost:8080/am/AIDReqUri/IDPRole/metaAlias/test", + }, + ], + "metaAlias": "/test", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/NIMSoap/metaAlias/test", + }, + ], + "serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/ArtifactResolver/metaAlias/test", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/IDPMniSoap/metaAlias/test", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/IDPSloSoap/metaAlias/test", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SSORedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SSOPOST/metaAlias/test", + }, + { + "binding": 
"urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SSOSoap/metaAlias/test", + }, + ], + }, + }, + }, + "serviceProvider": { + "advanced": { + "ecpConfiguration": { + "ecpRequestIdpListFinderImpl": "com.sun.identity.saml2.plugins.ECPIDPFinder", + }, + "idpProxy": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "spUrl": "http://localhost:8080/am/spsaehandler/metaAlias/test2", + }, + }, + "assertionContent": { + "assertionTimeSkew": 300, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "defaultItem": true, + "level": 0, + }, + ], + "authenticationComparisonType": "Exact", + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper", + "includeRequestedAuthenticationContext": true, + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": {}, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "accountMapping": { + "spAccountMapper": "com.sun.identity.saml2.plugins.DefaultSPAccountMapper", + }, + "adapter": { + "spAdapterScript": "[Empty]", + }, + "attributeMapper": { + "attributeMap": [ + { + "key": "*", + "value": "*", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper", + }, + "autoFederation": {}, + "responseArtifactMessageEncoding": { + "encoding": "URI", + }, + "url": {}, + }, + "services": { + "metaAlias": 
"/test2", + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", + "index": 0, + "isDefault": true, + "location": "http://localhost:8080/am/Consumer/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 1, + "isDefault": false, + "location": "http://localhost:8080/am/Consumer/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", + "index": 2, + "isDefault": false, + "location": "http://localhost:8080/am/Consumer/ECP/metaAlias/test2", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SPSloSoap/metaAlias/test2", + }, + ], + }, + }, + }, + }, + }, + "metadata": { + "VGVzdCBFbnRpdHk": [ + "", + "", + " ", + " ", + " ", + " ", + " 
PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + "", + "", + "", + ], + }, + "remote": {}, + }, + "script": { + "1817cc25-fc84-4053-8f91-4ef130616e25": { + "_id": "1817cc25-fc84-4053-8f91-4ef130616e25", + "context": "OIDC_CLAIMS", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "null", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Legacy", + "script": [ + "/*", + " * Copyright 2014-2020 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. 
All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "import com.iplanet.sso.SSOException", + "import com.sun.identity.idm.IdRepoException", + "import org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "import org.forgerock.oauth2.core.UserInfoClaims", + "import org.forgerock.openidconnect.Claim", + "", + "/*", + "* Defined variables:", + "* logger - always presents, the "OAuth2Provider" debug logger instance", + "* claims - always present, default server provided claims - Map", + "* claimObjects - always present, default server provided claims - List", + "* session - present if the request contains the session cookie, the user's session object", + "* identity - always present, the identity of the resource owner", + "* scopes - always present, the requested scopes", + "* scriptName - always present, the display name of the script", + "* requestProperties - always present, contains a map of request properties:", + "* requestUri - the request URI", + "* realm - the realm that the request relates to", + "* requestParams - a map of the request params and/or posted data. Each value is a list of one or", + "* more properties. 
Please note that these should be handled in accordance with OWASP best practices.", + "* clientProperties - present if the client specified in the request was identified, contains a map of client", + "* properties:", + "* clientId - the client's Uri for the request locale", + "* allowedGrantTypes - list of the allowed grant types (org.forgerock.oauth2.core.GrantType)", + "* for the client", + "* allowedResponseTypes - list of the allowed response types for the client", + "* allowedScopes - list of the allowed scopes for the client", + "* customProperties - A map of the custom properties of the client.", + "* Lists or maps will be included as sub-maps, e.g:", + "* testMap[Key1]=Value1 will be returned as testmap -> Key1 -> Value1", + "* requestedClaims - Map>", + "* always present, not empty if the request contains a claims parameter and server has enabled", + "* claims_parameter_supported, map of requested claims to possible values, otherwise empty,", + "* requested claims with no requested values will have a key but no value in the map. A key with", + "* a single value in its Set indicates this is the only value that should be returned.", + "* requestedTypedClaims - List", + "* always present, not empty if the request contains a claims parameter and server has enabled", + "* claims_parameter_supported, list of requested claims with claim name, requested possible values", + "* and if claim is essential, otherwise empty,", + "* requested claims with no requested values will have a claim with no values. 
A claims with", + "* a single value indicates this is the only value that should be returned.", + "* claimsLocales - the values from the 'claims_locales' parameter - List", + "* Required to return a Map of claims to be added to the id_token claims", + "*", + "* Expected return value structure:", + "* UserInfoClaims {", + "* Map values; // The values of the claims for the user information", + "* Map> compositeScopes; // Mapping of scope name to a list of claim names.", + "* }", + "*/", + "", + "// user session not guaranteed to be present", + "boolean sessionPresent = session != null", + "", + "/*", + " * Pulls first value from users profile attribute", + " *", + " * @param claim The claim object.", + " * @param attr The profile attribute name.", + " */", + "def fromSet = { claim, attr ->", + " if (attr != null && attr.size() == 1){", + " attr.iterator().next()", + " } else if (attr != null && attr.size() > 1){", + " attr", + " } else if (logger.warningEnabled()) {", + " logger.warning("OpenAMScopeValidator.getUserInfo(): Got an empty result for claim=$claim");", + " }", + "}", + "", + "// ---vvvvvvvvvv--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---vvvvvvvvvv---", + "/*", + " * Claim resolver which resolves the value of the claim from its requested values.", + " *", + " * This resolver will return a value if the claim has one requested values, otherwise an exception is thrown.", + " */", + "defaultClaimResolver = { claim ->", + " if (claim.getValues().size() == 1) {", + " [(claim.getName()): claim.getValues().iterator().next()]", + " } else {", + " [:]", + " }", + "}", + "", + "/*", + " * Claim resolver which resolves the value of the claim by looking up the user's profile.", + " *", + " * This resolver will return a value for the claim if:", + " * # the user's profile attribute is not null", + " * # AND the claim contains no requested values", + " * # OR the claim contains requested values and the value from the user's profile is in the list of values", + " *", 
+ " * If no match is found an exception is thrown.", + " */", + "userProfileClaimResolver = { attribute, claim, identity ->", + " if (identity != null) {", + " userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute))", + " if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) {", + " return [(claim.getName()): userProfileValue]", + " }", + " }", + " [:]", + "}", + "", + "/*", + " * Claim resolver which resolves the value of the claim of the user's address.", + " *", + " * This resolver will return a value for the claim if:", + " * # the value of the address is not null", + " *", + " */", + "userAddressClaimResolver = { claim, identity ->", + " if (identity != null) {", + " addressFormattedValue = fromSet(claim.getName(), identity.getAttribute("postaladdress"))", + " if (addressFormattedValue != null) {", + " return [", + " "formatted" : addressFormattedValue", + " ]", + " }", + " }", + " [:]", + "}", + "", + "/*", + " * Claim resolver which resolves the value of the claim by looking up the user's profile.", + " *", + " * This resolver will return a value for the claim if:", + " * # the user's profile attribute is not null", + " * # AND the claim contains no requested values", + " * # OR the claim contains requested values and the value from the user's profile is in the list of values", + " *", + " * If the claim is essential and no value is found an InvalidRequestException will be thrown and returned to the user.", + " * If no match is found an exception is thrown.", + " */", + "essentialClaimResolver = { attribute, claim, identity ->", + " if (identity != null) {", + " userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute))", + " if (claim.isEssential() && (userProfileValue == null || userProfileValue.isEmpty())) {", + " throw new InvalidRequestException("Could not provide value for essential claim $claim")", + " }", + " if 
(userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) {", + " return [(claim.getName()): userProfileValue]", + " }", + " }", + " return [:]", + "}", + "", + "/*", + " * Claim resolver which expects the user's profile attribute value to be in the following format:", + " * "language_tag|value_for_language,...".", + " *", + " * This resolver will take the list of requested languages from the 'claims_locales' authorize request", + " * parameter and attempt to match it to a value from the users' profile attribute.", + " * If no match is found an exception is thrown.", + " */", + "claimLocalesClaimResolver = { attribute, claim, identity ->", + " if (identity != null) {", + " userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute))", + " if (userProfileValue != null) {", + " localeValues = parseLocaleAwareString(userProfileValue)", + " locale = claimsLocales.find { locale -> localeValues.containsKey(locale) }", + " if (locale != null) {", + " return [(claim.getName()): localeValues.get(locale)]", + " }", + " }", + " }", + " return [:]", + "}", + "", + "/*", + " * Claim resolver which expects the user's profile attribute value to be in the following format:", + " * "language_tag|value_for_language,...".", + " *", + " * This resolver will take the language tag specified in the claim object and attempt to match it to a value", + " * from the users' profile attribute. 
If no match is found an exception is thrown.", + " */", + "languageTagClaimResolver = { attribute, claim, identity ->", + " if (identity != null) {", + " userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute))", + " if (userProfileValue != null) {", + " localeValues = parseLocaleAwareString(userProfileValue)", + " if (claim.getLocale() != null) {", + " if (localeValues.containsKey(claim.getLocale())) {", + " return [(claim.getName()): localeValues.get(claim.getLocale())]", + " } else {", + " entry = localeValues.entrySet().iterator().next()", + " return [(claim.getName() + "#" + entry.getKey()): entry.getValue()]", + " }", + " } else {", + " entry = localeValues.entrySet().iterator().next()", + " return [(claim.getName()): entry.getValue()]", + " }", + " }", + " }", + " return [:]", + "}", + "", + "/*", + " * Given a string "en|English,jp|Japenese,fr_CA|French Canadian" will return map of locale -> value.", + " */", + "parseLocaleAwareString = { s ->", + " return result = s.split(",").collectEntries { entry ->", + " split = entry.split("\\\\|")", + " [(split[0]): value = split[1]]", + " }", + "}", + "// ---^^^^^^^^^^--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---^^^^^^^^^^---", + "", + "// -------------- UPDATE THIS TO CHANGE CLAIM TO ATTRIBUTE MAPPING FUNCTIONS ---------------", + "/*", + " * List of claim resolver mappings.", + " */", + "// [ {claim}: {attribute retriever}, ... 
]", + "claimAttributes = [", + " "email": userProfileClaimResolver.curry("mail"),", + " "address": { claim, identity -> [ "address" : userAddressClaimResolver(claim, identity) ] },", + " "phone_number": userProfileClaimResolver.curry("telephonenumber"),", + " "given_name": userProfileClaimResolver.curry("givenname"),", + " "zoneinfo": userProfileClaimResolver.curry("preferredtimezone"),", + " "family_name": userProfileClaimResolver.curry("sn"),", + " "locale": userProfileClaimResolver.curry("preferredlocale"),", + " "name": userProfileClaimResolver.curry("cn")", + "]", + "", + "", + "// -------------- UPDATE THIS TO CHANGE SCOPE TO CLAIM MAPPINGS --------------", + "/*", + " * Map of scopes to claim objects.", + " */", + "// {scope}: [ {claim}, ... ]", + "scopeClaimsMap = [", + " "email": [ "email" ],", + " "address": [ "address" ],", + " "phone": [ "phone_number" ],", + " "profile": [ "given_name", "zoneinfo", "family_name", "locale", "name" ]", + "]", + "", + "", + "// ---------------- UPDATE BELOW FOR ADVANCED USAGES -------------------", + "if (logger.messageEnabled()) {", + " scopes.findAll { s -> !("openid".equals(s) || scopeClaimsMap.containsKey(s)) }.each { s ->", + " logger.message("OpenAMScopeValidator.getUserInfo()::Message: scope not bound to claims: $s")", + " }", + "}", + "", + "/*", + " * Computes the claims return key and value. 
The key may be a different value if the claim value is not in", + " * the requested language.", + " */", + "def computeClaim = { claim ->", + " try {", + " claimResolver = claimAttributes.get(claim.getName(), { claimObj, identity -> defaultClaimResolver(claim)})", + " claimResolver(claim, identity)", + " } catch (IdRepoException e) {", + " if (logger.warningEnabled()) {", + " logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e);", + " }", + " } catch (SSOException e) {", + " if (logger.warningEnabled()) {", + " logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e);", + " }", + " }", + "}", + "", + "/*", + " * Converts requested scopes into claim objects based on the scope mappings in scopeClaimsMap.", + " */", + "def convertScopeToClaims = {", + " scopes.findAll { scope -> "openid" != scope && scopeClaimsMap.containsKey(scope) }.collectMany { scope ->", + " scopeClaimsMap.get(scope).collect { claim ->", + " new Claim(claim)", + " }", + " }", + "}", + "", + "// Creates a full list of claims to resolve from requested scopes, claims provided by AS and requested claims", + "def claimsToResolve = convertScopeToClaims() + claimObjects + requestedTypedClaims", + "", + "// Computes the claim return key and values for all requested claims", + "computedClaims = claimsToResolve.collectEntries() { claim ->", + " result = computeClaim(claim)", + "}", + "", + "// Computes composite scopes", + "def compositeScopes = scopeClaimsMap.findAll { scope ->", + " scopes.contains(scope.key)", + "}", + "", + "return new UserInfoClaims((Map)computedClaims, (Map)compositeScopes)", + "", + ], + }, + "31bd2ae6-c929-4547-b636-84b874715d60": { + "_id": "31bd2ae6-c929-4547-b636-84b874715d60", + "context": "LIBRARY", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "null", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", + }, 
+ { + "arity": 2, + "id": "logWarning", + "type": "Function", + }, + { + "arity": 2, + "id": "logInfo", + "type": "Function", + }, + { + "arity": 2, + "id": "logDebug", + "type": "Function", + }, + ], + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "NextGeneration", + "script": [ + "/*", + " * Copyright 2022-2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + " * This is an example library script with methods that can be used in other scripts.", + " * To reference it, use the following:", + " *", + " * var library = require("Library Script");", + " *", + " * library.logError(logger, "Error message");", + " * library.logDebug(logger, "Debug message");", + " */", + "", + "function logError(log, errorMessage) {", + " log.error(errorMessage);", + "}", + "", + "function logWarning(log, warningMessage) {", + " log.warn(warningMessage);", + "}", + "", + "exports.logError = logError;", + "exports.logWarning = logWarning;", + "", + "// Alternatively, exports can be declared using an inline arrow function", + "", + "exports.logInfo = (log, infoMessage) => log.info(infoMessage);", + "exports.logDebug = (log, debugMessage) => log.debug(debugMessage);", + "", + ], + }, + "59335cbd-de7d-4ebd-99b0-f0fb1fe7fede": { + "_id": "59335cbd-de7d-4ebd-99b0-f0fb1fe7fede", + "context": "LIBRARY", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Test script description", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", + }, + { + "arity": 2, + "id": "logWarning", + "type": "Function", + }, + { + "arity": 2, + "id": "logInfo", + "type": "Function", + }, + { + "arity": 2, + "id": "logDebug", + "type": "Function", + }, + ], + 
"language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "Test Script", + "script": [ + "/*", + " * Copyright 2022-2023 ForgeRock AS. All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + " * This is an example library script with methods that can be used in other scripts.", + " * To reference it, use the following:", + " *", + " * var library = require("Library Script");", + " *", + " * library.logError(logger, "Error message");", + " * library.logDebug(logger, "Debug message");", + " */", + "", + "function logError(log, errorMessage) {", + " log.error(errorMessage);", + "}", + "", + "function logWarning(log, warningMessage) {", + " log.warn(warningMessage);", + "}", + "", + "exports.logError = logError;", + "exports.logWarning = logWarning;", + "", + "// Alternatively, exports can be declared using an inline arrow function", + "", + "exports.logInfo = (log, infoMessage) => log.info(infoMessage);", + "exports.logDebug = (log, debugMessage) => log.debug(debugMessage);", + "", + ], + }, + "9a7836ff-b597-4799-8a6f-306fdf40f238": { + "_id": "9a7836ff-b597-4799-8a6f-306fdf40f238", + "context": "LIBRARY", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "This is a test script", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", + }, + { + "arity": 2, + "id": "logWarning", + "type": "Function", + }, + { + "arity": 2, + "id": "logInfo", + "type": "Function", + }, + { + "arity": 2, + "id": "logDebug", + "type": "Function", + }, + ], + "language": "JAVASCRIPT", + "lastModifiedBy": "null", + "lastModifiedDate": 0, + "name": "test script 2", + "script": [ + "/*", + " * Copyright 2022-2023 ForgeRock AS. 
All Rights Reserved", + " *", + " * Use of this code requires a commercial software license with ForgeRock AS.", + " * or with one of its affiliates. All use shall be exclusively subject", + " * to such license between the licensee and ForgeRock AS.", + " */", + "", + "/*", + " * This is an example library script with methods that can be used in other scripts.", + " * To reference it, use the following:", + " *", + " * var library = require("Library Script");", + " *", + " * library.logError(logger, "Error message");", + " * library.logDebug(logger, "Debug message");", + " */", + "", + "function logError(log, errorMessage) {", + " log.error(errorMessage);", + "}", + "", + "function logWarning(log, warningMessage) {", + " log.warn(warningMessage);", + "}", + "", + "exports.logError = logError;", + "exports.logWarning = logWarning;", + "", + "// Alternatively, exports can be declared using an inline arrow function", + "", + "exports.logInfo = (log, infoMessage) => log.info(infoMessage);", + "exports.logDebug = (log, debugMessage) => log.debug(debugMessage);", + "", + ], + }, + }, + "secrets": {}, + "secretstore": { + "default-keystore": { + "_id": "default-keystore", + "_type": { + "_id": "KeyStoreSecretStore", + "collection": true, + "name": "Keystore", + }, + "file": "/root/am/security/keystores/keystore.jceks", + "keyEntryPassword": "entrypass", + "leaseExpiryDuration": 5, + "mappings": [], + "providerName": "SunJCE", + "storePassword": "storepass", + "storetype": "JCEKS", + }, + "default-passwords-store": { + "_id": "default-passwords-store", + "_type": { + "_id": "FileSystemSecretStore", + "collection": true, + "name": "File System Secret Volumes", + }, + "directory": "/root/am/security/secrets/encrypted", + "format": "ENCRYPTED_PLAIN", + }, + }, + "service": { + "IdentityAssertionService": { + "_id": "", + "_type": { + "_id": "IdentityAssertionService", + "collection": false, + "name": "Identity Assertion Service", + }, + "cacheDuration": 120, + "enable": true, 
+ "location": "/", + "nextDescendents": [], + }, + "RemoteConsentService": { + "_id": "", + "_type": { + "_id": "RemoteConsentService", + "collection": false, + "name": "Remote Consent Service", + }, + "consentResponseTimeLimit": 2, + "jwkStoreCacheMissCacheTime": 1, + "jwkStoreCacheTimeout": 5, + "location": "/", + "nextDescendents": [], + }, + "SocialIdentityProviders": { + "_id": "", + "_type": { + "_id": "SocialIdentityProviders", + "collection": false, + "name": "Social Identity Provider Service", + }, + "enabled": true, + "location": "/", + }, + "amSessionPropertyWhitelist": { + "_id": "", + "_type": { + "_id": "amSessionPropertyWhitelist", + "collection": false, + "name": "Session Property Whitelist Service", + }, + "location": "/", + "nextDescendents": [], + "sessionPropertyWhitelist": [ + "AMCtxId", + ], + "whitelistedQueryProperties": [], + }, + "audit": { + "_id": "", + "_type": { + "_id": "audit", + "collection": false, + "name": "Audit Logging", + }, + "auditEnabled": true, + "blacklistFieldFilters": [], + "location": "/", + "nextDescendents": [], + "whitelistFieldFilters": [], + }, + "authenticatorOathService": { + "_id": "", + "_type": { + "_id": "authenticatorOathService", + "collection": false, + "name": "ForgeRock Authenticator (OATH) Service", + }, + "authenticatorOATHDeviceSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias": "pushDeviceProfiles", + "authenticatorOATHDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorOATHDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorOATHDeviceSettingsEncryptionScheme": "NONE", + "authenticatorOATHSkippableName": "oath2faEnabled", + "location": "/", + "nextDescendents": [], + "oathAttrName": "oathDeviceProfiles", + }, + "authenticatorPushService": { + "_id": "", + "_type": { + "_id": "authenticatorPushService", + "collection": false, + "name": "ForgeRock Authenticator (Push) Service", + }, + 
"authenticatorPushDeviceSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "authenticatorPushDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorPushDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorPushDeviceSettingsEncryptionScheme": "NONE", + "authenticatorPushSkippableName": "push2faEnabled", + "location": "/", + "nextDescendents": [], + "pushAttrName": "pushDeviceProfiles", + }, + "authenticatorWebAuthnService": { + "_id": "", + "_type": { + "_id": "authenticatorWebAuthnService", + "collection": false, + "name": "WebAuthn Profile Encryption Service", + }, + "authenticatorWebAuthnDeviceSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jceks", + "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType": "JCEKS", + "authenticatorWebAuthnDeviceSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], + "webauthnAttrName": "webauthnDeviceProfiles", + }, + "baseurl": { + "_id": "", + "_type": { + "_id": "baseurl", + "collection": false, + "name": "Base URL Source", + }, + "contextPath": "/am", + "location": "/", + "nextDescendents": [], + "source": "REQUEST_VALUES", + }, + "dashboard": { + "_id": "", + "_type": { + "_id": "dashboard", + "collection": false, + "name": "Dashboard", + }, + "assignedDashboard": [], + "location": "/", + "nextDescendents": [], + }, + "deviceBindingService": { + "_id": "", + "_type": { + "_id": "deviceBindingService", + "collection": false, + "name": "Device Binding Service", + }, + "deviceBindingAttrName": "boundDevices", + "deviceBindingSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "deviceBindingSettingsEncryptionKeystorePassword": null, + "deviceBindingSettingsEncryptionKeystoreType": "JKS", + "deviceBindingSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], + }, + "deviceIdService": { + "_id": "", + "_type": { + "_id": 
"deviceIdService", + "collection": false, + "name": "Device ID Service", + }, + "deviceIdAttrName": "devicePrintProfiles", + "deviceIdSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "deviceIdSettingsEncryptionKeystorePassword": null, + "deviceIdSettingsEncryptionKeystoreType": "JKS", + "deviceIdSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], + }, + "deviceProfilesService": { + "_id": "", + "_type": { + "_id": "deviceProfilesService", + "collection": false, + "name": "Device Profiles Service", + }, + "deviceProfilesAttrName": "deviceProfiles", + "deviceProfilesSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "deviceProfilesSettingsEncryptionKeystorePassword": null, + "deviceProfilesSettingsEncryptionKeystoreType": "JKS", + "deviceProfilesSettingsEncryptionScheme": "NONE", + "location": "/", + "nextDescendents": [], + }, + "email": { + "_id": "", + "_type": { + "_id": "email", + "collection": false, + "name": "Email Service", + }, + "emailAddressAttribute": "mail", + "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", + "emailRateLimitSeconds": 1, + "location": "/", + "nextDescendents": [], + "port": 465, + "sslState": "SSL", + }, + "id-repositories": { + "_id": "", + "_type": { + "_id": "id-repositories", + "collection": false, + "name": "sunIdentityRepositoryService", + }, + "location": "/", + "nextDescendents": [ + { + "_id": "embedded", + "_type": { + "_id": "LDAPv3ForOpenDS", + "collection": true, + "name": "OpenDJ", + }, + "authentication": { + "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", + }, + "cachecontrol": { + "sun-idrepo-ldapv3-dncache-enabled": true, + "sun-idrepo-ldapv3-dncache-size": 1500, + }, + "errorhandling": { + "com.iplanet.am.ldap.connection.delay.between.retries": 1000, + }, + "groupconfig": { + "sun-idrepo-ldapv3-config-group-attributes": [ + "dn", + "cn", + "uniqueMember", + "objectclass", + ], + 
"sun-idrepo-ldapv3-config-group-container-name": "ou", + "sun-idrepo-ldapv3-config-group-container-value": "groups", + "sun-idrepo-ldapv3-config-group-objectclass": [ + "top", + "groupofuniquenames", + ], + "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", + "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", + "sun-idrepo-ldapv3-config-memberurl": "memberUrl", + "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", + }, + "ldapsettings": { + "openam-idrepo-ldapv3-affinity-level": "all", + "openam-idrepo-ldapv3-behera-support-enabled": true, + "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, + "openam-idrepo-ldapv3-heartbeat-interval": 10, + "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", + "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", + "openam-idrepo-ldapv3-mtls-enabled": false, + "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, + "openam-idrepo-ldapv3-proxied-auth-enabled": false, + "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", + "sun-idrepo-ldapv3-config-authpw": null, + "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", + "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, + "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, + "sun-idrepo-ldapv3-config-ldap-server": [ + "localhost:50636", + "localhost:50636|01", + ], + "sun-idrepo-ldapv3-config-max-result": 1000, + "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", + "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-time-limit": 10, + "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, + }, + "persistentsearch": { + "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", + "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", + }, + "pluginconfig": { + 
"sunIdRepoAttributeMapping": [], + "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", + "sunIdRepoSupportedOperations": [ + "realm=read,create,edit,delete,service", + "user=read,create,edit,delete,service", + "group=read,create,edit,delete", + ], + }, + "userconfig": { + "sun-idrepo-ldapv3-config-active": "Active", + "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ + "kbaInfoAttempts", + ], + "sun-idrepo-ldapv3-config-auth-kba-attr": [ + "kbaInfo", + ], + "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", + "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ + "cn", + "sn", + ], + "sun-idrepo-ldapv3-config-inactive": "Inactive", + "sun-idrepo-ldapv3-config-isactive": "inetuserstatus", + "sun-idrepo-ldapv3-config-people-container-name": "ou", + "sun-idrepo-ldapv3-config-people-container-value": "people", + "sun-idrepo-ldapv3-config-user-attributes": [ + "iplanet-am-auth-configuration", + "iplanet-am-user-alias-list", + "iplanet-am-user-password-reset-question-answer", + "mail", + "assignedDashboard", + "authorityRevocationList", + "dn", + "iplanet-am-user-password-reset-options", + "employeeNumber", + "createTimestamp", + "kbaActiveIndex", + "caCertificate", + "iplanet-am-session-quota-limit", + "iplanet-am-user-auth-config", + "sun-fm-saml2-nameid-infokey", + "sunIdentityMSISDNNumber", + "iplanet-am-user-password-reset-force-reset", + "sunAMAuthInvalidAttemptsData", + "devicePrintProfiles", + "givenName", + "iplanet-am-session-get-valid-sessions", + "objectClass", + "adminRole", + "inetUserHttpURL", + "lastEmailSent", + "iplanet-am-user-account-life", + "postalAddress", + "userCertificate", + "preferredtimezone", + "iplanet-am-user-admin-start-dn", + "boundDevices", + "oath2faEnabled", + "preferredlanguage", + "sun-fm-saml2-nameid-info", + "userPassword", + "iplanet-am-session-service-status", + "telephoneNumber", + "iplanet-am-session-max-idle-time", + "distinguishedName", + "iplanet-am-session-destroy-sessions", + 
"kbaInfoAttempts", + "modifyTimestamp", + "uid", + "iplanet-am-user-success-url", + "iplanet-am-user-auth-modules", + "kbaInfo", + "memberOf", + "sn", + "preferredLocale", + "manager", + "iplanet-am-session-max-session-time", + "deviceProfiles", + "cn", + "oathDeviceProfiles", + "webauthnDeviceProfiles", + "iplanet-am-user-login-status", + "pushDeviceProfiles", + "push2faEnabled", + "inetUserStatus", + "retryLimitNodeCount", + "iplanet-am-user-failure-url", + "iplanet-am-session-max-caching-time", + "thingType", + "thingKeys", + "thingOAuth2ClientName", + "thingConfig", + "thingProperties", + ], + "sun-idrepo-ldapv3-config-user-objectclass": [ + "iplanet-am-managed-person", + "inetuser", + "sunFMSAML2NameIdentifier", + "inetorgperson", + "devicePrintProfilesContainer", + "boundDevicesContainer", + "iplanet-am-user-service", + "iPlanetPreferences", + "pushDeviceProfilesContainer", + "forgerock-am-dashboard-service", + "organizationalperson", + "top", + "kbaInfoContainer", + "person", + "sunAMAuthAccountLockout", + "oathDeviceProfilesContainer", + "webauthnDeviceProfilesContainer", + "iplanet-am-auth-configuration-service", + "deviceProfilesContainer", + "fr-iot", + ], + "sun-idrepo-ldapv3-config-users-search-attribute": "uid", + "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", + }, + }, + ], + "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", + "sunIdRepoAttributeValidator": [ + "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", + "minimumPasswordLength=8", + "usernameInvalidChars=*|(|)|&|!", + ], + }, + "iot": { + "_id": "", + "_type": { + "_id": "iot", + "collection": false, + "name": "IoT Service", + }, + "attributeAllowlist": [ + "thingConfig", + ], + "createOAuthClient": false, + "createOAuthJwtIssuer": false, + "location": "/", + "nextDescendents": [], + "oauthClientName": "forgerock-iot-oauth2-client", + "oauthJwtIssuerName": "forgerock-iot-jwt-issuer", + }, + "oauth-oidc": { + "_id": "", + 
"_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + 
"urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + 
"supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + 
"PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + 
"overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "location": "/", + "nextDescendents": [], + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + }, + }, + "pingOneWorkerService": { + "_id": "", + "_type": { + "_id": 
"pingOneWorkerService", + "collection": false, + "name": "PingOne Worker Service", + }, + "enabled": true, + "location": "/", + "nextDescendents": [], + }, + "policyconfiguration": { + "_id": "", + "_type": { + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", + }, + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "localhost:50636", + ], + "location": "/", + "maximumSearchResults": 100, + "mtlsEnabled": false, + "nextDescendents": [], + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", + }, + "pushNotification": { + "_id": "", + "_type": { + "_id": "pushNotification", + "collection": false, + "name": "Push Notification Service", + }, + "delegateFactory": "org.forgerock.openam.services.push.sns.SnsHttpDelegateFactory", + "location": "/", + "mdCacheSize": 10000, + "mdConcurrency": 16, + "mdDuration": 120, + "nextDescendents": [], + "region": "us-east-1", + }, + "security": { + "_id": "", + "_type": { + "_id": "security", + "collection": false, + "name": "Legacy User Self Service", + }, + "confirmationIdHmacKey": "YcGfeuzSM14OG5djEcxEnvPydX28nsuxAZyDX1VA8iY=", + "forgotPasswordConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "forgotPasswordEnabled": false, + "forgotPasswordTokenLifetime": 900, + "location": "/", + "nextDescendents": [], + "protectedUserAttributes": [], + "selfRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "selfRegistrationEnabled": false, + "selfRegistrationTokenLifetime": 900, + 
"selfServiceEnabled": false, + "userRegisteredDestination": "default", + }, + "selfService": { + "_id": "", + "_type": { + "_id": "selfService", + "collection": false, + "name": "User Self-Service", + }, + "advancedConfig": { + "forgottenPasswordConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#passwordReset/", + "forgottenPasswordServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenPasswordConfigProvider", + "forgottenUsernameServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenUsernameConfigProvider", + "userRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#register/", + "userRegistrationServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.UserRegistrationConfigProvider", + }, + "forgottenPassword": { + "forgottenPasswordCaptchaEnabled": false, + "forgottenPasswordEmailBody": [ + "en|

Click on this link to reset your password.

", + ], + "forgottenPasswordEmailSubject": [ + "en|Forgotten password email", + ], + "forgottenPasswordEmailVerificationEnabled": true, + "forgottenPasswordEnabled": false, + "forgottenPasswordKbaEnabled": false, + "forgottenPasswordTokenPaddingLength": 450, + "forgottenPasswordTokenTTL": 300, + "numberOfAllowedAttempts": 1, + "numberOfAttemptsEnforced": false, + }, + "forgottenUsername": { + "forgottenUsernameCaptchaEnabled": false, + "forgottenUsernameEmailBody": [ + "en|

Your username is %username%.

", + ], + "forgottenUsernameEmailSubject": [ + "en|Forgotten username email", + ], + "forgottenUsernameEmailUsernameEnabled": true, + "forgottenUsernameEnabled": false, + "forgottenUsernameKbaEnabled": false, + "forgottenUsernameShowUsernameEnabled": false, + "forgottenUsernameTokenTTL": 300, + }, + "generalConfig": { + "captchaVerificationUrl": "https://www.google.com/recaptcha/api/siteverify", + "kbaQuestions": [ + "4|en|What is your mother's maiden name?", + "3|en|What was the name of your childhood pet?", + "2|en|What was the model of your first car?", + "1|en|What is the name of your favourite restaurant?", + ], + "minimumAnswersToDefine": 1, + "minimumAnswersToVerify": 1, + "validQueryAttributes": [ + "uid", + "mail", + "givenName", + "sn", + ], + }, + "location": "/", + "nextDescendents": [], + "profileManagement": { + "profileAttributeWhitelist": [ + "uid", + "telephoneNumber", + "mail", + "kbaInfo", + "givenName", + "sn", + "cn", + ], + "profileProtectedUserAttributes": [ + "telephoneNumber", + "mail", + ], + }, + "userRegistration": { + "userRegisteredDestination": "default", + "userRegistrationCaptchaEnabled": false, + "userRegistrationEmailBody": [ + "en|

Click on this link to register.

", + ], + "userRegistrationEmailSubject": [ + "en|Registration email", + ], + "userRegistrationEmailVerificationEnabled": true, + "userRegistrationEmailVerificationFirstEnabled": false, + "userRegistrationEnabled": false, + "userRegistrationKbaEnabled": false, + "userRegistrationTokenTTL": 300, + "userRegistrationValidUserAttributes": [ + "userPassword", + "mail", + "givenName", + "kbaInfo", + "inetUserStatus", + "sn", + "username", + ], + }, + }, + "selfServiceTrees": { + "_id": "", + "_type": { + "_id": "selfServiceTrees", + "collection": false, + "name": "Self Service Trees", + }, + "enabled": true, + "location": "/", + "nextDescendents": [], + "treeMapping": { + "forgottenUsername": "PlatformForgottenUsername", + "registration": "PlatformRegistration", + "resetPassword": "PlatformResetPassword", + "updatePassword": "PlatformUpdatePassword", + }, + }, + "socialauthentication": { + "_id": "", + "_type": { + "_id": "socialauthentication", + "collection": false, + "name": "Social Authentication Implementations", + }, + "authenticationChains": {}, + "displayNames": {}, + "enabledKeys": [], + "icons": {}, + "location": "/", + "nextDescendents": [], + }, + "transaction": { + "_id": "", + "_type": { + "_id": "transaction", + "collection": false, + "name": "Transaction Authentication Service", + }, + "location": "/", + "nextDescendents": [], + "timeToLive": "180", + }, + "user": { + "_id": "", + "_type": { + "_id": "user", + "collection": false, + "name": "User", + }, + "dynamic": { + "defaultUserStatus": "Active", + }, + "location": "/", + "nextDescendents": [], + }, + "validation": { + "_id": "", + "_type": { + "_id": "validation", + "collection": false, + "name": "Validation Service", + }, + "location": "/", + "nextDescendents": [], + "validGotoDestinations": [], + }, + }, + "subjectAttributes": { + "undefined": "iplanet-am-user-login-status", + }, + "subjectTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "subjects": { + "type": "array", + }, + 
}, + "type": "object", + }, + "logical": true, + "title": "AND", + }, + "AuthenticatedUsers": { + "_id": "AuthenticatedUsers", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "AuthenticatedUsers", + }, + "Identity": { + "_id": "Identity", + "config": { + "properties": { + "subjectValues": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Identity", + }, + "JwtClaim": { + "_id": "JwtClaim", + "config": { + "properties": { + "claimName": { + "type": "string", + }, + "claimValue": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "JwtClaim", + }, + "NONE": { + "_id": "NONE", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "NONE", + }, + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "subject": { + "properties": {}, + "type": "object", + }, + }, + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + "OR": { + "_id": "OR", + "config": { + "properties": { + "subjects": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "OR", + }, + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "name": { + "type": "string", + }, + "values": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Policy", + }, + }, + "trees": { + "Agent": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AgentDataStoreDecisionNode", + "collection": true, + "name": "Agent Data Store Decision", + }, + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "_id": 
"e4da3b7f-bbce-3345-9777-2b0674a318d5", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Agent", + "description": "null", + "enabled": true, + "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Agent Data Store Decision", + "nodeType": "AgentDataStoreDecisionNode", + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "a87ff679-a2f3-371d-9181-a67b7542122c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Example": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", 
+ }, + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Example", + "description": "null", + "enabled": true, + "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "connections": { + "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "connections": { + "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "connections": { + "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + }, + 
}, + "uiConfig": {}, + }, + "variable": {}, + }, + "Facebook-ProvisionIDMAccount": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialFacebookNode", + "collection": true, + "name": "Social Facebook", + }, + "authenticationIdKey": "id", + "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", + "cfgAccountMapperConfiguration": { + "id": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "first_name": "givenName", + "id": "iplanet-am-user-alias-list", + "last_name": "sn", + "name": "cn", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "facebook", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "public_profile,email", + "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", + "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionIdmAccountNode", + "collection": true, + "name": "Provision IDM Account", + }, + 
"accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Facebook-ProvisionIDMAccount", + "description": "null", + "enabled": true, + "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + }, + "displayName": "Facebook Social Authentication", + "nodeType": "SocialFacebookNode", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision IDM Account", + "nodeType": "ProvisionIdmAccountNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Google-AnonymousUser": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "_id": "1ff1de77-4005-38da-93f4-2943881c655f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetSuccessUrlNode", + "collection": true, + "name": "Success URL", + }, + "successUrl": "https://www.forgerock.com/", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + 
"cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AnonymousUserNode", + "collection": true, + "name": "Anonymous User Mapping", + }, + "anonymousUserName": "anonymous", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-AnonymousUser", + "description": "null", + "enabled": true, + "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Success URL", + "nodeType": "SetSuccessUrlNode", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + }, + 
"8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "connections": { + "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", + }, + "displayName": "Map to Anonymous User", + "nodeType": "AnonymousUserNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Google-DynamicAccountCreation": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionDynamicAccountNode", + "collection": true, + "name": "Provision Dynamic Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "CreatePasswordNode", + "collection": true, + "name": "Create Password", + }, + "minPasswordLength": 0, + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + 
"org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-DynamicAccountCreation", + "description": "null", + "enabled": true, + "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision Dynamic Account", + "nodeType": 
"ProvisionDynamicAccountNode", + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "connections": { + "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + }, + "displayName": "Create Password", + "nodeType": "CreatePasswordNode", + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "connections": { + "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "connections": { + "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", + "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "connections": { + "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "connections": { + "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "HmacOneTimePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "_id": 
"3c59dc04-8e88-3024-bbe8-079a5c74d079", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "_id": "98f13708-2101-34c4-b568-7be6106a3b84", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "HmacOneTimePassword", + "description": "null", + "enabled": true, + "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "connections": { + "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "connections": { + "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "connections": { + 
"outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "connections": { + "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PersistentCookie": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetPersistentCookieNode", + "collection": true, + "name": "Set Persistent Cookie", + }, + "hmacSigningKey": null, + "idleTimeout": 5, + "maxLife": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "PersistentCookieDecisionNode", + "collection": true, + "name": "Persistent Cookie Decision", + }, + "enforceClientIp": false, + "hmacSigningKey": null, + "idleTimeout": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + "_outcomes": [ + { 
+ "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PersistentCookie", + "description": "null", + "enabled": true, + "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "connections": { + "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Persistent Cookie", + "nodeType": "SetPersistentCookieNode", + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Persistent Cookie Decision", + "nodeType": "PersistentCookieDecisionNode", + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "connections": { + "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + 
"PlatformForgottenUsername": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "d82c8d16-19ad-3176-9665-453cfb2e55f0": { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformLogin", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. 
Click the link in that email to proceed.", + }, + "emailTemplateName": "forgottenUsername", + "identityAttribute": "mail", + "objectLookup": true, + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "_id": "a684ecee-e76f-3522-b732-86a895bc8436", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Forgotten Username", + }, + "stage": "null", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identityAttribute": "mail", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformForgottenUsername", + "description": "Forgotten Username Tree", + "enabled": true, + "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "connections": { + "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "connections": { + "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + }, + 
"displayName": "Page Node", + "nodeType": "PageNode", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "connections": { + "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformLogin": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "642e92ef-b794-3173-8881-b53e1e1b18b6": { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + }, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "_id": "2838023a-778d-3aec-9c21-2708f721b788", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformProgressiveProfile", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "_outcomes": [ + { + "displayName": "True", + "id": 
"true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "New here? Create an account
Forgot username? Forgot password?", + }, + "pageHeader": { + "en": "Sign In", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformLogin", + "description": "Platform Login Tree", + "enabled": true, + "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "connections": { + "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "2838023a-778d-3aec-9c21-2708f721b788", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "connections": { + "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformProgressiveProfile": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "preferences/updates", + "preferences/marketing", + ], + "identityAttribute": "userName", + "required": false, + "validateInputs": false, + }, + }, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "_id": 
"17e62166-fc85-36df-a4d1-bc0e1742c08b", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "QueryFilterDecisionNode", + "collection": true, + "name": "Query Filter Decision", + }, + "identityAttribute": "userName", + "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": {}, + "pageHeader": { + "en": "Please select your preferences", + }, + "stage": "null", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "LoginCountDecisionNode", + "collection": true, + "name": "Login Count Decision", + }, + "amount": 3, + "identityAttribute": "userName", + "interval": "AT", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformProgressiveProfile", + "description": "Prompt for missing preferences on 3rd 
login", + "enabled": true, + "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + }, + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "connections": { + "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + }, + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformRegistration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates", + ], + "identityAttribute": "userName", + "required": true, + "validateInputs": true, + }, + "1c383cd3-0b7c-398a-b502-93adfecb7b18": { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + 
"passwordAttribute": "password", + "validateInput": true, + }, + "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions", + }, + }, + "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition", + }, + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question", + }, + }, + "e369853d-f766-3a44-a1ed-0ff613f563bd": { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": true, + }, + }, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object", + }, + "identityResource": "managed/user", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, 
+ "name": "Page Node", + }, + "nodes": [ + { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode", + }, + { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode", + }, + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account?Sign In", + }, + "pageHeader": { + "en": "Sign Up", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformRegistration", + "description": "Platform Registration Tree", + "enabled": true, + "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "connections": { + "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "connections": { + "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformResetPassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "44f683a8-4163-3352-bafe-57c2e008bc8c": { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "66f041e1-6a60-328b-85a7-e228a89c3799": { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + 
"03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Change password", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identifier": "userName", + "identityAttribute": "mail", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. 
Click the link in that email to proceed.", + }, + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "mail", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformResetPassword", + "description": "Reset Password Tree", + "enabled": true, + "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "connections": { + "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "connections": { + "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "connections": { + "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "connections": { + "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + }, + "uiConfig": 
{}, + }, + "variable": {}, + }, + "PlatformUpdatePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + }, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AttributePresentDecisionNode", + "collection": true, + "name": "Attribute Present Decision", + }, + "identityAttribute": "userName", + "presentAttribute": "password", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your 
password. Click the link in that email to proceed.", + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", + }, + "pageHeader": { + "en": "Verify Existing Password", + }, + "stage": "null", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data", + }, + 
"sessionDataKey": "UserToken", + "sharedStateKey": "userName", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", + "enabled": true, + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "connections": { + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + }, + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "connections": { + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "connections": { + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "connections": { + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "connections": { + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + }, + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "RetryLimit": { 
+ "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AccountLockoutNode", + "collection": true, + "name": "Account Lockout", + }, + "lockAction": "LOCK", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "RetryLimit", + "description": "null", + "enabled": true, + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + 
"1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "connections": { + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "connections": { + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "connections": { + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "connections": { + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "connections": { + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "oath_registration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c": { + "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f": { + "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + }, + "nodes": { + 
"35ca2418-908d-4b92-9320-ef8576851abb": { + "_id": "35ca2418-908d-4b92-9320-ef8576851abb", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { + "_id": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", + "_outcomes": [ + { + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", + }, + ], + "_type": { + "_id": "OathRegistrationNode", + "collection": true, + "name": "OATH Registration", + }, + "accountName": "USERNAME", + "addChecksum": false, + "algorithm": "TOTP", + "bgColor": "032b75", + "generateRecoveryCodes": true, + "issuer": "ForgeRock", + "minSharedSecretLength": 32, + "passwordLength": "SIX_DIGITS", + "postponeDeviceProfileStorage": false, + "scanQRCodeMessage": {}, + "totpHashAlgorithm": "HMAC_SHA1", + "totpTimeInterval": 30, + "truncationOffset": -1, + }, + "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { + "_id": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + "_outcomes": [ + { + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", + }, + { + "displayName": "Not registered", + "id": "notRegisteredOutcome", + }, + ], + "_type": { + "_id": "OathTokenVerifierNode", + "collection": true, + "name": "OATH Token Verifier", + }, + "algorithm": "TOTP", + "hotpWindowSize": 100, + "isRecoveryCodeAllowed": false, + "maximumAllowedClockDrift": 5, + "totpHashAlgorithm": "HMAC_SHA1", + "totpTimeInterval": 30, + "totpTimeSteps": 2, + }, + "fc5481db-cbee-479f-915a-2b40c54ce04e": { + "_id": "fc5481db-cbee-479f-915a-2b40c54ce04e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": 
"7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "oath_registration", + "enabled": true, + "entryNodeId": "fc5481db-cbee-479f-915a-2b40c54ce04e", + "innerTreeOnly": false, + "nodes": { + "35ca2418-908d-4b92-9320-ef8576851abb": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { + "connections": { + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "successOutcome": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + }, + "displayName": "OATH Registration", + "nodeType": "OathRegistrationNode", + }, + "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { + "connections": { + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "notRegisteredOutcome": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", + "successOutcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "OATH Token Verifier", + "nodeType": "OathTokenVerifierNode", + }, + "fc5481db-cbee-479f-915a-2b40c54ce04e": { + "connections": { + "outcome": "35ca2418-908d-4b92-9320-ef8576851abb", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "push_registration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9": { + "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", + "_outcomes": [ + { + 
"displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "7ab18633-6eb0-455d-97ff-40ff7db4862a": { + "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + }, + "nodes": { + "07bc635b-5a3f-461b-87ee-e76c9fa22738": { + "_id": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, + }, + "0e161d10-c2d1-4196-8b41-59f80be4a587": { + "_id": "0e161d10-c2d1-4196-8b41-59f80be4a587", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { + "_id": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", + "_outcomes": [ + { + "displayName": "Sent", + "id": "SENT", + }, + { + "displayName": "Not Registered", + "id": "NOT_REGISTERED", + }, + { + "displayName": "Skipped", + "id": "SKIPPED", + }, + ], + "_type": { + "_id": "PushAuthenticationSenderNode", + "collection": true, + "name": "Push Sender", + }, + "captureFailure": false, + "contextInfo": false, + "customPayload": [], + "mandatory": 
false, + "messageTimeout": 120000, + "pushType": "DEFAULT", + "userMessage": {}, + }, + "527e6b31-01db-409c-8f52-01a5b7f48737": { + "_id": "527e6b31-01db-409c-8f52-01a5b7f48737", + "_outcomes": [ + { + "displayName": "Success", + "id": "TRUE", + }, + { + "displayName": "Failure", + "id": "FALSE", + }, + { + "displayName": "Expired", + "id": "EXPIRED", + }, + { + "displayName": "Waiting", + "id": "WAITING", + }, + ], + "_type": { + "_id": "PushResultVerifierNode", + "collection": true, + "name": "Push Result Verifier Node", + }, + }, + "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { + "_id": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", + "_outcomes": [ + { + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", + }, + { + "displayName": "Time Out", + "id": "timeoutOutcome", + }, + ], + "_type": { + "_id": "PushRegistrationNode", + "collection": true, + "name": "Push Registration", + }, + "accountName": "USERNAME", + "bgColor": "032b75", + "generateRecoveryCodes": true, + "issuer": "ForgeRock", + "scanQRCodeMessage": {}, + "timeout": 60, + }, + "ccb48486-0d8e-475d-a002-29d0bfa1177a": { + "_id": "ccb48486-0d8e-475d-a002-29d0bfa1177a", + "_outcomes": [ + { + "displayName": "Done", + "id": "DONE", + }, + { + "displayName": "Exit", + "id": "EXITED", + }, + ], + "_type": { + "_id": "PushWaitNode", + "collection": true, + "name": "Push Wait Node", + }, + "challengeMessage": {}, + "exitMessage": {}, + "secondsToWait": 5, + "waitingMessage": {}, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "push_registration", + "enabled": true, + "entryNodeId": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + "innerTreeOnly": false, + "nodes": { + "07bc635b-5a3f-461b-87ee-e76c9fa22738": { + "connections": {}, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "0e161d10-c2d1-4196-8b41-59f80be4a587": { + "connections": { + "true": 
"1323d24e-b9f8-4396-a9ce-4550fe3ac84f", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { + "connections": { + "NOT_REGISTERED": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", + "SENT": "ccb48486-0d8e-475d-a002-29d0bfa1177a", + "SKIPPED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Push Sender", + "nodeType": "PushAuthenticationSenderNode", + }, + "527e6b31-01db-409c-8f52-01a5b7f48737": { + "connections": { + "EXPIRED": "e301438c-0bd0-429c-ab0c-66126501069a", + "FALSE": "e301438c-0bd0-429c-ab0c-66126501069a", + "TRUE": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "WAITING": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Push Result Verifier Node", + "nodeType": "PushResultVerifierNode", + }, + "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { + "connections": { + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "successOutcome": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", + "timeoutOutcome": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + }, + "displayName": "Push Registration", + "nodeType": "PushRegistrationNode", + }, + "ccb48486-0d8e-475d-a002-29d0bfa1177a": { + "connections": { + "DONE": "527e6b31-01db-409c-8f52-01a5b7f48737", + "EXITED": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + }, + "displayName": "Push Wait Node", + "nodeType": "PushWaitNode", + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "six": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "295a70ba-2b67-4a48-bf13-237ce0a55450": { + "_id": "295a70ba-2b67-4a48-bf13-237ce0a55450", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + 
"4a77788d-d443-4646-ac52-5cb9f2207a8a": { + "_id": "4a77788d-d443-4646-ac52-5cb9f2207a8a", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "5883ff1e-80dd-49f5-a609-120303e1b0cd": { + "_id": "5883ff1e-80dd-49f5-a609-120303e1b0cd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "59129227-f192-4ff4-a7b4-bc7690b82d4f": { + "_id": "59129227-f192-4ff4-a7b4-bc7690b82d4f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { + "_id": "6a1aa88f-25f8-4d40-8008-bfc6684b2a58", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { + "_id": "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "six", + "enabled": true, + "entryNodeId": "e301438c-0bd0-429c-ab0c-66126501069a", + "innerTreeOnly": false, + "nodes": { + "295a70ba-2b67-4a48-bf13-237ce0a55450": { + 
"connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + "4a77788d-d443-4646-ac52-5cb9f2207a8a": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + "5883ff1e-80dd-49f5-a609-120303e1b0cd": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + "59129227-f192-4ff4-a7b4-bc7690b82d4f": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "test": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": {}, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "test", + "enabled": true, + "entryNodeId": "d26176be-ea6f-4f2a-81cd-3d41dd6cee4d", + "innerTreeOnly": false, + "nodes": {}, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "webauthn_registration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "08faa9c0-7c19-454a-a4e1-0692d94615f6": { + "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + 
"3334a349-b2ea-42e0-86b8-9f6c39d43dad": { + "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + }, + "nodes": { + "72ef6e1d-930c-4bed-922a-850815d98ea1": { + "_id": "72ef6e1d-930c-4bed-922a-850815d98ea1", + "_outcomes": [ + { + "displayName": "Unsupported", + "id": "unsupported", + }, + { + "displayName": "Success", + "id": "success", + }, + { + "displayName": "Failure", + "id": "failure", + }, + { + "displayName": "Client Error", + "id": "error", + }, + ], + "_type": { + "_id": "WebAuthnRegistrationNode", + "collection": true, + "name": "WebAuthn Registration Node", + }, + "acceptedSigningAlgorithms": [ + "ES256", + "RS256", + ], + "asScript": true, + "attestationPreference": "NONE", + "authenticatorAttachment": "UNSPECIFIED", + "enforceRevocationCheck": false, + "excludeCredentials": false, + "generateRecoveryCodes": true, + "maxSavedDevices": 0, + "origins": [], + "postponeDeviceProfileStorage": false, + "relyingPartyName": "ForgeRock", + "requiresResidentKey": false, + "storeAttestationDataInTransientState": false, + "timeout": 60, + "trustStoreAlias": "trustalias", + "userVerificationRequirement": "PREFERRED", + }, + "807106ff-fb66-469e-93bb-4e0834f6c875": { + "_id": "807106ff-fb66-469e-93bb-4e0834f6c875", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, + }, + 
"878eb28e-41b2-4bd7-9256-80ed427bd168": { + "_id": "878eb28e-41b2-4bd7-9256-80ed427bd168", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { + "_id": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + "_outcomes": [ + { + "displayName": "Unsupported", + "id": "unsupported", + }, + { + "displayName": "No Device Registered", + "id": "noDevice", + }, + { + "displayName": "Success", + "id": "success", + }, + { + "displayName": "Failure", + "id": "failure", + }, + { + "displayName": "Client Error", + "id": "error", + }, + ], + "_type": { + "_id": "WebAuthnAuthenticationNode", + "collection": true, + "name": "WebAuthn Authentication Node", + }, + "asScript": true, + "isRecoveryCodeAllowed": false, + "origins": [], + "requiresResidentKey": false, + "timeout": 60, + "userVerificationRequirement": "PREFERRED", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "webauthn_registration", + "enabled": true, + "entryNodeId": "807106ff-fb66-469e-93bb-4e0834f6c875", + "innerTreeOnly": false, + "nodes": { + "72ef6e1d-930c-4bed-922a-850815d98ea1": { + "connections": { + "error": "e301438c-0bd0-429c-ab0c-66126501069a", + "failure": "e301438c-0bd0-429c-ab0c-66126501069a", + "success": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "WebAuthn Registration Node", + "nodeType": "WebAuthnRegistrationNode", + }, + "807106ff-fb66-469e-93bb-4e0834f6c875": { + "connections": { + "outcome": "878eb28e-41b2-4bd7-9256-80ed427bd168", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "878eb28e-41b2-4bd7-9256-80ed427bd168": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": 
"9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { + "connections": { + "error": "e301438c-0bd0-429c-ab0c-66126501069a", + "failure": "e301438c-0bd0-429c-ab0c-66126501069a", + "noDevice": "72ef6e1d-930c-4bed-922a-850815d98ea1", + "success": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "WebAuthn Authentication Node", + "nodeType": "WebAuthnAuthenticationNode", + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, + "trustedJwtIssuer": { + "test-jwt-issuer": { + "_id": "test-jwt-issuer", + "_type": { + "_id": "TrustedJwtIssuer", + "collection": true, + "name": "OAuth2 Trusted JWT Issuer", + }, + "agentgroup": null, + "allowedSubjects": [], + "consentedScopesClaim": "scope", + "issuer": "hello", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "resourceOwnerIdentityClaim": "sub", + }, + "trusted jwt": { + "_id": "trusted jwt", + "_type": { + "_id": "TrustedJwtIssuer", + "collection": true, + "name": "OAuth2 Trusted JWT Issuer", + }, + "agentgroup": null, + "allowedSubjects": [], + "consentedScopesClaim": "scope", + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "resourceOwnerIdentityClaim": "sub", + }, + }, + "webhookService": { + "Cool Webhook": { + "_id": "Cool Webhook", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "body": "body", + "headers": { + "accept": "*/*", + "cool": "test", + }, + "url": "test", + }, + "Test Webhook": { + "_id": "Test Webhook", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "body": 
"hello", + "headers": { + "accept": "*/*", + }, + }, + }, + "wsEntity": { + "ws": { + "_id": "ws", + "_type": { + "_id": "ws", + "collection": true, + "name": "Entity Descriptor ", + }, + }, + }, + }, + "root-first": { + "agent": {}, + "agentGroup": {}, + "application": {}, + "applicationTypes": { + "iPlanetAMWebAgentService": { + "_id": "iPlanetAMWebAgentService", + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "iPlanetAMWebAgentService", + "resourceComparator": "com.sun.identity.entitlement.URLResourceName", + "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", + "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", + }, + "sunAMDelegationService": { + "_id": "sunAMDelegationService", + "actions": { + "DELEGATE": true, + "MODIFY": true, + "READ": true, + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "sunAMDelegationService", + "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", + "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", + "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", + }, + "umaApplicationType": { + "_id": "umaApplicationType", + "actions": {}, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "umaApplicationType", + "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", + "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", + "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", + }, + }, + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + 
"loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "ldapService", + "orgConfig": "ldapService", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "authenticationChains": { + "amsterService": { + "_id": "amsterService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "Amster", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + "ldapService": { + "_id": "ldapService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "DataStore", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + 
"loginSuccessUrl": [], + }, + }, + "authenticationModules": { + "amster": { + "_id": "amster", + "_type": { + "_id": "amster", + "collection": true, + "name": "ForgeRock Amster", + }, + "authenticationLevel": 0, + "authorizedKeys": "/root/am/security/keys/amster/authorized_keys", + "enabled": true, + }, + "datastore": { + "_id": "datastore", + "_type": { + "_id": "datastore", + "collection": true, + "name": "Data Store", + }, + "authenticationLevel": 0, + }, + "federation": { + "_id": "federation", + "_type": { + "_id": "federation", + "collection": true, + "name": "Federation", + }, + "authenticationLevel": 0, + }, + "hotp": { + "_id": "hotp", + "_type": { + "_id": "hotp", + "collection": true, + "name": "HOTP", + }, + "authenticationLevel": 0, + "autoSendOTP": false, + "otpDeliveryMethod": "SMS and E-mail", + "otpLength": "8", + "otpMaxRetry": 3, + "otpValidityDuration": 5, + "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "smtpFromAddress": "no-reply@openam.org", + "smtpHostPort": 465, + "smtpHostname": "smtp.gmail.com", + "smtpSslEnabled": "SSL", + "smtpUserPassword": null, + "smtpUsername": "opensso.sun", + "userProfileEmailAttribute": "mail", + "userProfileTelephoneAttribute": "telephoneNumber", + }, + "ldap": { + "_id": "ldap", + "_type": { + "_id": "ldap", + "collection": true, + "name": "LDAP", + }, + "authenticationLevel": 0, + "beheraPasswordPolicySupportEnabled": true, + "connectionHeartbeatInterval": 10, + "connectionHeartbeatTimeUnit": "SECONDS", + "minimumPasswordLength": "8", + "openam-auth-ldap-connection-mode": "LDAPS", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userBindPassword": null, + "userProfileRetrievalAttribute": "uid", + 
"userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + }, + "oath": { + "_id": "oath", + "_type": { + "_id": "oath", + "collection": true, + "name": "OATH", + }, + "addChecksum": "False", + "authenticationLevel": 0, + "forgerock-oath-maximum-clock-drift": 0, + "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", + "hotpWindowSize": 100, + "minimumSecretKeyLength": "32", + "oathAlgorithm": "HOTP", + "oathOtpMaxRetry": 3, + "passwordLength": "6", + "stepsInWindow": 2, + "timeStepSize": 30, + "truncationOffset": -1, + }, + "sae": { + "_id": "sae", + "_type": { + "_id": "sae", + "collection": true, + "name": "SAE", + }, + "authenticationLevel": 0, + }, + }, + "conditionTypes": { + "AMIdentityMembership": { + "_id": "AMIdentityMembership", + "config": { + "properties": { + "amIdentityName": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AMIdentityMembership", + }, + "AND": { + "_id": "AND", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "AND", + }, + "AuthLevel": { + "_id": "AuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthLevel", + }, + "AuthScheme": { + "_id": "AuthScheme", + "config": { + "properties": { + "applicationIdleTimeout": { + "type": "integer", + }, + "applicationName": { + "type": "string", + }, + "authScheme": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthScheme", + }, + "AuthenticateToRealm": { + "_id": "AuthenticateToRealm", + "config": { + "properties": { + "authenticateToRealm": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": 
"AuthenticateToRealm", + }, + "AuthenticateToService": { + "_id": "AuthenticateToService", + "config": { + "properties": { + "authenticateToService": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthenticateToService", + }, + "IPv4": { + "_id": "IPv4", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "IPv4", + }, + "IPv6": { + "_id": "IPv6", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "IPv6", + }, + "LDAPFilter": { + "_id": "LDAPFilter", + "config": { + "properties": { + "ldapFilter": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "LDAPFilter", + }, + "LEAuthLevel": { + "_id": "LEAuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "LEAuthLevel", + }, + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "condition": { + "properties": {}, + "type": "object", + }, + }, + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + "OAuth2Scope": { + "_id": "OAuth2Scope", + "config": { + "properties": { + "requiredScopes": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "OAuth2Scope", + }, + "OR": { + "_id": "OR", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "OR", + }, + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "properties": { + "type": "object", + }, + 
}, + "type": "object", + }, + "logical": false, + "title": "Policy", + }, + "ResourceEnvIP": { + "_id": "ResourceEnvIP", + "config": { + "properties": { + "resourceEnvIPConditionValue": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "ResourceEnvIP", + }, + "Script": { + "_id": "Script", + "config": { + "properties": { + "scriptId": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Script", + }, + "Session": { + "_id": "Session", + "config": { + "properties": { + "maxSessionTime": { + "type": "integer", + }, + "terminateSession": { + "required": true, + "type": "boolean", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Session", + }, + "SessionProperty": { + "_id": "SessionProperty", + "config": { + "properties": { + "ignoreValueCase": { + "required": true, + "type": "boolean", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", + }, + "logical": false, + "title": "SessionProperty", + }, + "SimpleTime": { + "_id": "SimpleTime", + "config": { + "properties": { + "endDate": { + "type": "string", + }, + "endDay": { + "type": "string", + }, + "endTime": { + "type": "string", + }, + "enforcementTimeZone": { + "type": "string", + }, + "startDate": { + "type": "string", + }, + "startDay": { + "type": "string", + }, + "startTime": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "SimpleTime", + }, + "Transaction": { + "_id": "Transaction", + "config": { + "properties": { + "authenticationStrategy": { + "type": "string", + }, + "strategySpecifier": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Transaction", + }, + }, + "decisionCombiners": { + "DenyOverride": { + "_id": "DenyOverride", + "title": "DenyOverride", + }, + }, + "idp": {}, + "policy": {}, + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + 
"attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService", + ], + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1578580064992, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509788713, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "JwtClaim", + ], + }, + }, + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030487, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509788692, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + }, + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030586, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 
1728509788670, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", + ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + }, + }, + "saml": { + "cot": {}, + "hosted": {}, + "metadata": {}, + "remote": {}, + }, + "script": {}, + "secrets": {}, + "secretstore": { + "default-keystore": { + "_id": "default-keystore", + "_type": { + "_id": "KeyStoreSecretStore", + "collection": true, + "name": "Keystore", + }, + "file": "/root/am/security/keystores/keystore.jceks", + "keyEntryPassword": "entrypass", + "leaseExpiryDuration": 5, + "mappings": [], + "providerName": "SunJCE", + "storePassword": "storepass", + "storetype": "JCEKS", + }, + "default-passwords-store": { + "_id": "default-passwords-store", + "_type": { + "_id": "FileSystemSecretStore", + "collection": true, + "name": "File System Secret Volumes", + }, + "directory": "/root/am/security/secrets/encrypted", + "format": "ENCRYPTED_PLAIN", + }, + }, + "service": { + "SocialIdentityProviders": { + "_id": "", + "_type": { + "_id": "SocialIdentityProviders", + "collection": false, + "name": "Social Identity Provider Service", + }, + "enabled": true, + "location": "/first", + }, + "id-repositories": { + "_id": "", + "_type": { + "_id": "id-repositories", + "collection": false, + "name": "sunIdentityRepositoryService", + }, + "location": "/first", + "nextDescendents": [ + { + "_id": "embedded", + "_type": { + "_id": "LDAPv3ForOpenDS", + "collection": true, + "name": "OpenDJ", + }, + "authentication": { + "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", + }, + "cachecontrol": { + "sun-idrepo-ldapv3-dncache-enabled": true, + "sun-idrepo-ldapv3-dncache-size": 1500, + }, + "errorhandling": { + "com.iplanet.am.ldap.connection.delay.between.retries": 1000, + }, + "groupconfig": { + "sun-idrepo-ldapv3-config-group-attributes": [ + "dn", + "cn", + "uniqueMember", + "objectclass", + ], + "sun-idrepo-ldapv3-config-group-container-name": "ou", + "sun-idrepo-ldapv3-config-group-container-value": 
"groups", + "sun-idrepo-ldapv3-config-group-objectclass": [ + "top", + "groupofuniquenames", + ], + "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", + "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", + "sun-idrepo-ldapv3-config-memberurl": "memberUrl", + "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", + }, + "ldapsettings": { + "openam-idrepo-ldapv3-affinity-level": "all", + "openam-idrepo-ldapv3-behera-support-enabled": true, + "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, + "openam-idrepo-ldapv3-heartbeat-interval": 10, + "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", + "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", + "openam-idrepo-ldapv3-mtls-enabled": false, + "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, + "openam-idrepo-ldapv3-proxied-auth-enabled": false, + "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", + "sun-idrepo-ldapv3-config-authpw": null, + "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", + "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, + "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, + "sun-idrepo-ldapv3-config-ldap-server": [ + "localhost:50636", + "localhost:50636|01", + ], + "sun-idrepo-ldapv3-config-max-result": 1000, + "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", + "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-time-limit": 10, + "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, + }, + "persistentsearch": { + "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", + "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", + }, + "pluginconfig": { + "sunIdRepoAttributeMapping": [], + "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", + 
"sunIdRepoSupportedOperations": [ + "realm=read,create,edit,delete,service", + "user=read,create,edit,delete,service", + "group=read,create,edit,delete", + ], + }, + "userconfig": { + "sun-idrepo-ldapv3-config-active": "Active", + "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ + "kbaInfoAttempts", + ], + "sun-idrepo-ldapv3-config-auth-kba-attr": [ + "kbaInfo", + ], + "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", + "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ + "cn", + "sn", + ], + "sun-idrepo-ldapv3-config-inactive": "Inactive", + "sun-idrepo-ldapv3-config-isactive": "inetuserstatus", + "sun-idrepo-ldapv3-config-people-container-name": "ou", + "sun-idrepo-ldapv3-config-people-container-value": "people", + "sun-idrepo-ldapv3-config-user-attributes": [ + "iplanet-am-auth-configuration", + "iplanet-am-user-alias-list", + "iplanet-am-user-password-reset-question-answer", + "mail", + "assignedDashboard", + "authorityRevocationList", + "dn", + "iplanet-am-user-password-reset-options", + "employeeNumber", + "createTimestamp", + "kbaActiveIndex", + "caCertificate", + "iplanet-am-session-quota-limit", + "iplanet-am-user-auth-config", + "sun-fm-saml2-nameid-infokey", + "sunIdentityMSISDNNumber", + "iplanet-am-user-password-reset-force-reset", + "sunAMAuthInvalidAttemptsData", + "devicePrintProfiles", + "givenName", + "iplanet-am-session-get-valid-sessions", + "objectClass", + "adminRole", + "inetUserHttpURL", + "lastEmailSent", + "iplanet-am-user-account-life", + "postalAddress", + "userCertificate", + "preferredtimezone", + "iplanet-am-user-admin-start-dn", + "boundDevices", + "oath2faEnabled", + "preferredlanguage", + "sun-fm-saml2-nameid-info", + "userPassword", + "iplanet-am-session-service-status", + "telephoneNumber", + "iplanet-am-session-max-idle-time", + "distinguishedName", + "iplanet-am-session-destroy-sessions", + "kbaInfoAttempts", + "modifyTimestamp", + "uid", + "iplanet-am-user-success-url", + "iplanet-am-user-auth-modules", 
+ "kbaInfo", + "memberOf", + "sn", + "preferredLocale", + "manager", + "iplanet-am-session-max-session-time", + "deviceProfiles", + "cn", + "oathDeviceProfiles", + "webauthnDeviceProfiles", + "iplanet-am-user-login-status", + "pushDeviceProfiles", + "push2faEnabled", + "inetUserStatus", + "retryLimitNodeCount", + "iplanet-am-user-failure-url", + "iplanet-am-session-max-caching-time", + ], + "sun-idrepo-ldapv3-config-user-objectclass": [ + "iplanet-am-managed-person", + "inetuser", + "sunFMSAML2NameIdentifier", + "inetorgperson", + "devicePrintProfilesContainer", + "boundDevicesContainer", + "iplanet-am-user-service", + "iPlanetPreferences", + "pushDeviceProfilesContainer", + "forgerock-am-dashboard-service", + "organizationalperson", + "top", + "kbaInfoContainer", + "person", + "sunAMAuthAccountLockout", + "oathDeviceProfilesContainer", + "webauthnDeviceProfilesContainer", + "iplanet-am-auth-configuration-service", + "deviceProfilesContainer", + ], + "sun-idrepo-ldapv3-config-users-search-attribute": "uid", + "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", + }, + }, + ], + "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", + "sunIdRepoAttributeValidator": [ + "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", + "minimumPasswordLength=8", + "usernameInvalidChars=*|(|)|&|!", + ], + }, + "oauth-oidc": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + 
"authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + 
"tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + 
"supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + 
"A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": 
"234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "location": "/first", + "nextDescendents": [], + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + }, + }, + "policyconfiguration": { + "_id": "", + "_type": { + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", + }, + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "localhost:50636", + ], + "location": "/first", + "maximumSearchResults": 100, + "mtlsEnabled": false, + "nextDescendents": [], + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + 
"usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", + }, + }, + "subjectAttributes": { + "undefined": "iplanet-am-user-login-status", + }, + "subjectTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "subjects": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "AND", + }, + "AuthenticatedUsers": { + "_id": "AuthenticatedUsers", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "AuthenticatedUsers", + }, + "Identity": { + "_id": "Identity", + "config": { + "properties": { + "subjectValues": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Identity", + }, + "JwtClaim": { + "_id": "JwtClaim", + "config": { + "properties": { + "claimName": { + "type": "string", + }, + "claimValue": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "JwtClaim", + }, + "NONE": { + "_id": "NONE", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "NONE", + }, + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "subject": { + "properties": {}, + "type": "object", + }, + }, + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + "OR": { + "_id": "OR", + "config": { + "properties": { + "subjects": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "OR", + }, + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "name": { + "type": "string", + }, + "values": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Policy", + }, + }, + "trees": { + "Agent": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "_id": 
"a87ff679-a2f3-371d-9181-a67b7542122c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AgentDataStoreDecisionNode", + "collection": true, + "name": "Agent Data Store Decision", + }, + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Agent", + "description": "null", + "enabled": true, + "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Agent Data Store Decision", + "nodeType": "AgentDataStoreDecisionNode", + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "a87ff679-a2f3-371d-9181-a67b7542122c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Example": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password 
Collector", + }, + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Example", + "description": "null", + "enabled": true, + "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "connections": { + "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "connections": { + "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + }, + 
"displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "connections": { + "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Facebook-ProvisionIDMAccount": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialFacebookNode", + "collection": true, + "name": "Social Facebook", + }, + "authenticationIdKey": "id", + "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", + "cfgAccountMapperConfiguration": { + "id": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "first_name": "givenName", + "id": "iplanet-am-user-alias-list", + "last_name": "sn", + "name": "cn", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "facebook", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "public_profile,email", + "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", + "userInfoEndpoint": 
"https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionIdmAccountNode", + "collection": true, + "name": "Provision IDM Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Facebook-ProvisionIDMAccount", + "description": "null", + "enabled": true, + "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + }, + "displayName": "Facebook Social Authentication", + "nodeType": "SocialFacebookNode", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision IDM Account", + "nodeType": "ProvisionIdmAccountNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Google-AnonymousUser": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "_id": "1ff1de77-4005-38da-93f4-2943881c655f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetSuccessUrlNode", + "collection": true, + "name": "Success URL", + }, + "successUrl": "https://www.forgerock.com/", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": 
"NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AnonymousUserNode", + "collection": true, + "name": "Anonymous User Mapping", + }, + "anonymousUserName": "anonymous", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-AnonymousUser", + "description": "null", + "enabled": true, + "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, 
+ "displayName": "Set Success URL", + "nodeType": "SetSuccessUrlNode", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "connections": { + "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", + }, + "displayName": "Map to Anonymous User", + "nodeType": "AnonymousUserNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Google-DynamicAccountCreation": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionDynamicAccountNode", + "collection": true, + "name": "Provision Dynamic Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "CreatePasswordNode", + "collection": true, + "name": "Create Password", + }, + "minPasswordLength": 0, + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": 
"org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-DynamicAccountCreation", + "description": "null", + "enabled": true, + "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision Dynamic Account", + "nodeType": 
"ProvisionDynamicAccountNode", + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "connections": { + "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + }, + "displayName": "Create Password", + "nodeType": "CreatePasswordNode", + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "connections": { + "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "connections": { + "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", + "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "connections": { + "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "connections": { + "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "HmacOneTimePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "_id": 
"3c59dc04-8e88-3024-bbe8-079a5c74d079", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "_id": "98f13708-2101-34c4-b568-7be6106a3b84", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "HmacOneTimePassword", + "description": "null", + "enabled": true, + "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "connections": { + "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "connections": { + "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "connections": { + 
"outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "connections": { + "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PersistentCookie": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetPersistentCookieNode", + "collection": true, + "name": "Set Persistent Cookie", + }, + "hmacSigningKey": null, + "idleTimeout": 5, + "maxLife": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "PersistentCookieDecisionNode", + "collection": true, + "name": "Persistent Cookie Decision", + }, + "enforceClientIp": false, + "hmacSigningKey": null, + "idleTimeout": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": 
"Password Collector", + }, + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PersistentCookie", + "description": "null", + "enabled": true, + "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "connections": { + "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Persistent Cookie", + "nodeType": "SetPersistentCookieNode", + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Persistent Cookie Decision", + "nodeType": "PersistentCookieDecisionNode", + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "connections": { + "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformForgottenUsername": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "d82c8d16-19ad-3176-9665-453cfb2e55f0": { + 
"_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformLogin", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. 
Click the link in that email to proceed.", + }, + "emailTemplateName": "forgottenUsername", + "identityAttribute": "mail", + "objectLookup": true, + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "_id": "a684ecee-e76f-3522-b732-86a895bc8436", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Forgotten Username", + }, + "stage": "null", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identityAttribute": "mail", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformForgottenUsername", + "description": "Forgotten Username Tree", + "enabled": true, + "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "connections": { + "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "connections": { + "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + }, + 
"displayName": "Page Node", + "nodeType": "PageNode", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "connections": { + "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformLogin": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "642e92ef-b794-3173-8881-b53e1e1b18b6": { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + }, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "_id": "2838023a-778d-3aec-9c21-2708f721b788", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformProgressiveProfile", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "_outcomes": [ + { + "displayName": "True", + "id": 
"true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "New here? Create an account
Forgot username? Forgot password?", + }, + "pageHeader": { + "en": "Sign In", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformLogin", + "description": "Platform Login Tree", + "enabled": true, + "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "connections": { + "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "2838023a-778d-3aec-9c21-2708f721b788", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "connections": { + "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformProgressiveProfile": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "preferences/updates", + "preferences/marketing", + ], + "identityAttribute": "userName", + "required": false, + "validateInputs": false, + }, + }, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "_id": 
"17e62166-fc85-36df-a4d1-bc0e1742c08b", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "QueryFilterDecisionNode", + "collection": true, + "name": "Query Filter Decision", + }, + "identityAttribute": "userName", + "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": {}, + "pageHeader": { + "en": "Please select your preferences", + }, + "stage": "null", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "LoginCountDecisionNode", + "collection": true, + "name": "Login Count Decision", + }, + "amount": 3, + "identityAttribute": "userName", + "interval": "AT", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformProgressiveProfile", + "description": "Prompt for missing preferences on 3rd 
login", + "enabled": true, + "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + }, + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "connections": { + "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + }, + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformRegistration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates", + ], + "identityAttribute": "userName", + "required": true, + "validateInputs": true, + }, + "1c383cd3-0b7c-398a-b502-93adfecb7b18": { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + 
"passwordAttribute": "password", + "validateInput": true, + }, + "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions", + }, + }, + "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition", + }, + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question", + }, + }, + "e369853d-f766-3a44-a1ed-0ff613f563bd": { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": true, + }, + }, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object", + }, + "identityResource": "managed/user", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, 
+ "name": "Page Node", + }, + "nodes": [ + { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode", + }, + { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode", + }, + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account?Sign In", + }, + "pageHeader": { + "en": "Sign Up", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformRegistration", + "description": "Platform Registration Tree", + "enabled": true, + "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "connections": { + "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "connections": { + "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformResetPassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "44f683a8-4163-3352-bafe-57c2e008bc8c": { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "66f041e1-6a60-328b-85a7-e228a89c3799": { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + 
"03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Change password", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identifier": "userName", + "identityAttribute": "mail", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. 
Click the link in that email to proceed.", + }, + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "mail", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformResetPassword", + "description": "Reset Password Tree", + "enabled": true, + "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "connections": { + "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "connections": { + "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "connections": { + "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "connections": { + "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + }, + "uiConfig": 
{}, + }, + "variable": {}, + }, + "PlatformUpdatePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + }, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AttributePresentDecisionNode", + "collection": true, + "name": "Attribute Present Decision", + }, + "identityAttribute": "userName", + "presentAttribute": "password", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your 
password. Click the link in that email to proceed.", + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", + }, + "pageHeader": { + "en": "Verify Existing Password", + }, + "stage": "null", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data", + }, + 
"sessionDataKey": "UserToken", + "sharedStateKey": "userName", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", + "enabled": true, + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "connections": { + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + }, + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "connections": { + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "connections": { + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "connections": { + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "connections": { + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + }, + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "RetryLimit": { 
+ "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AccountLockoutNode", + "collection": true, + "name": "Account Lockout", + }, + "lockAction": "LOCK", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "RetryLimit", + "description": "null", + "enabled": true, + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + 
"1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "connections": { + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "connections": { + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "connections": { + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "connections": { + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "connections": { + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, + "trustedJwtIssuer": {}, + "webhookService": { + "webhooks": { + "_id": "webhooks", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "headers": { + "accept": "*/*", + }, + }, + }, + "wsEntity": { + "ws": { + "_id": "ws", + "_type": { + "_id": "ws", + "collection": true, + "name": "Entity Descriptor ", + }, + }, + }, + }, + "root-first-second": { + "agent": {}, + "agentGroup": {}, + "application": {}, + "applicationTypes": { + "iPlanetAMWebAgentService": { + "_id": "iPlanetAMWebAgentService", + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "iPlanetAMWebAgentService", + "resourceComparator": 
"com.sun.identity.entitlement.URLResourceName", + "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", + "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex", + }, + "sunAMDelegationService": { + "_id": "sunAMDelegationService", + "actions": { + "DELEGATE": true, + "MODIFY": true, + "READ": true, + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "sunAMDelegationService", + "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", + "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", + "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter", + }, + "umaApplicationType": { + "_id": "umaApplicationType", + "actions": {}, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "umaApplicationType", + "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", + "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", + "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex", + }, + }, + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "ldapService", + "orgConfig": "ldapService", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": true, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": 
"com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "authenticationChains": { + "amsterService": { + "_id": "amsterService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "Amster", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + "ldapService": { + "_id": "ldapService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "DataStore", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + }, + "authenticationModules": { + "amster": { + "_id": "amster", + "_type": { + "_id": "amster", + "collection": true, + "name": "ForgeRock Amster", + }, + "authenticationLevel": 0, + "authorizedKeys": "/root/am/security/keys/amster/authorized_keys", + "enabled": true, + }, + "datastore": { + "_id": "datastore", + "_type": { + "_id": "datastore", + "collection": true, + "name": "Data Store", + }, + "authenticationLevel": 0, + }, + "federation": { + "_id": "federation", + "_type": { + "_id": "federation", + "collection": true, + "name": "Federation", + }, + "authenticationLevel": 
0, + }, + "hotp": { + "_id": "hotp", + "_type": { + "_id": "hotp", + "collection": true, + "name": "HOTP", + }, + "authenticationLevel": 0, + "autoSendOTP": false, + "otpDeliveryMethod": "SMS and E-mail", + "otpLength": "8", + "otpMaxRetry": 3, + "otpValidityDuration": 5, + "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "smtpFromAddress": "no-reply@openam.org", + "smtpHostPort": 465, + "smtpHostname": "smtp.gmail.com", + "smtpSslEnabled": "SSL", + "smtpUserPassword": null, + "smtpUsername": "opensso.sun", + "userProfileEmailAttribute": "mail", + "userProfileTelephoneAttribute": "telephoneNumber", + }, + "ldap": { + "_id": "ldap", + "_type": { + "_id": "ldap", + "collection": true, + "name": "LDAP", + }, + "authenticationLevel": 0, + "beheraPasswordPolicySupportEnabled": true, + "connectionHeartbeatInterval": 10, + "connectionHeartbeatTimeUnit": "SECONDS", + "minimumPasswordLength": "8", + "openam-auth-ldap-connection-mode": "LDAPS", + "operationTimeout": 0, + "primaryLdapServer": [ + "localhost:50636", + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "cn=Directory Manager", + "userBindPassword": null, + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid", + ], + "userSearchStartDN": [ + "dc=openam,dc=forgerock,dc=org", + ], + }, + "oath": { + "_id": "oath", + "_type": { + "_id": "oath", + "collection": true, + "name": "OATH", + }, + "addChecksum": "False", + "authenticationLevel": 0, + "forgerock-oath-maximum-clock-drift": 0, + "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", + "hotpWindowSize": 100, + "minimumSecretKeyLength": "32", + "oathAlgorithm": "HOTP", + "oathOtpMaxRetry": 3, + "passwordLength": "6", + "stepsInWindow": 2, + 
"timeStepSize": 30, + "truncationOffset": -1, + }, + "sae": { + "_id": "sae", + "_type": { + "_id": "sae", + "collection": true, + "name": "SAE", + }, + "authenticationLevel": 0, + }, + }, + "conditionTypes": { + "AMIdentityMembership": { + "_id": "AMIdentityMembership", + "config": { + "properties": { + "amIdentityName": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AMIdentityMembership", + }, + "AND": { + "_id": "AND", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "AND", + }, + "AuthLevel": { + "_id": "AuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthLevel", + }, + "AuthScheme": { + "_id": "AuthScheme", + "config": { + "properties": { + "applicationIdleTimeout": { + "type": "integer", + }, + "applicationName": { + "type": "string", + }, + "authScheme": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthScheme", + }, + "AuthenticateToRealm": { + "_id": "AuthenticateToRealm", + "config": { + "properties": { + "authenticateToRealm": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthenticateToRealm", + }, + "AuthenticateToService": { + "_id": "AuthenticateToService", + "config": { + "properties": { + "authenticateToService": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "AuthenticateToService", + }, + "IPv4": { + "_id": "IPv4", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "IPv4", + }, + "IPv6": { + "_id": "IPv6", + "config": { + 
"properties": { + "dnsName": { + "items": { + "type": "string", + }, + "type": "array", + }, + "endIp": { + "type": "string", + }, + "startIp": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "IPv6", + }, + "LDAPFilter": { + "_id": "LDAPFilter", + "config": { + "properties": { + "ldapFilter": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "LDAPFilter", + }, + "LEAuthLevel": { + "_id": "LEAuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer", + }, + }, + "type": "object", + }, + "logical": false, + "title": "LEAuthLevel", + }, + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "condition": { + "properties": {}, + "type": "object", + }, + }, + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + "OAuth2Scope": { + "_id": "OAuth2Scope", + "config": { + "properties": { + "requiredScopes": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "OAuth2Scope", + }, + "OR": { + "_id": "OR", + "config": { + "properties": { + "conditions": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "OR", + }, + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Policy", + }, + "ResourceEnvIP": { + "_id": "ResourceEnvIP", + "config": { + "properties": { + "resourceEnvIPConditionValue": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "ResourceEnvIP", + }, + "Script": { + "_id": "Script", + "config": { + "properties": { + "scriptId": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Script", + }, + "Session": { + "_id": "Session", + "config": { + "properties": { + "maxSessionTime": { 
+ "type": "integer", + }, + "terminateSession": { + "required": true, + "type": "boolean", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Session", + }, + "SessionProperty": { + "_id": "SessionProperty", + "config": { + "properties": { + "ignoreValueCase": { + "required": true, + "type": "boolean", + }, + "properties": { + "type": "object", + }, + }, + "type": "object", + }, + "logical": false, + "title": "SessionProperty", + }, + "SimpleTime": { + "_id": "SimpleTime", + "config": { + "properties": { + "endDate": { + "type": "string", + }, + "endDay": { + "type": "string", + }, + "endTime": { + "type": "string", + }, + "enforcementTimeZone": { + "type": "string", + }, + "startDate": { + "type": "string", + }, + "startDay": { + "type": "string", + }, + "startTime": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "SimpleTime", + }, + "Transaction": { + "_id": "Transaction", + "config": { + "properties": { + "authenticationStrategy": { + "type": "string", + }, + "strategySpecifier": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Transaction", + }, + }, + "decisionCombiners": { + "DenyOverride": { + "_id": "DenyOverride", + "title": "DenyOverride", + }, + }, + "idp": {}, + "policy": {}, + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService", + ], + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1578580064992, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + 
"entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790191, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "JwtClaim", + ], + }, + }, + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030487, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790171, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + }, + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030586, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", + "lastModifiedBy": "id=amadmin,ou=user,dc=openam,dc=forgerock,dc=org", + "lastModifiedDate": 1728509790156, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", + ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + }, + }, + "saml": { + "cot": {}, + "hosted": {}, + "metadata": {}, + "remote": {}, + }, + "script": {}, + "secrets": {}, + "secretstore": { + "default-keystore": { + "_id": "default-keystore", + "_type": { + "_id": "KeyStoreSecretStore", + "collection": true, + "name": "Keystore", + }, + "file": "/root/am/security/keystores/keystore.jceks", + "keyEntryPassword": "entrypass", + "leaseExpiryDuration": 5, + "mappings": [], + "providerName": "SunJCE", + 
"storePassword": "storepass", + "storetype": "JCEKS", + }, + "default-passwords-store": { + "_id": "default-passwords-store", + "_type": { + "_id": "FileSystemSecretStore", + "collection": true, + "name": "File System Secret Volumes", + }, + "directory": "/root/am/security/secrets/encrypted", + "format": "ENCRYPTED_PLAIN", + }, + }, + "service": { + "SocialIdentityProviders": { + "_id": "", + "_type": { + "_id": "SocialIdentityProviders", + "collection": false, + "name": "Social Identity Provider Service", + }, + "enabled": true, + "location": "/first/second", + }, + "id-repositories": { + "_id": "", + "_type": { + "_id": "id-repositories", + "collection": false, + "name": "sunIdentityRepositoryService", + }, + "location": "/first/second", + "nextDescendents": [ + { + "_id": "embedded", + "_type": { + "_id": "LDAPv3ForOpenDS", + "collection": true, + "name": "OpenDJ", + }, + "authentication": { + "sun-idrepo-ldapv3-config-auth-naming-attr": "uid", + }, + "cachecontrol": { + "sun-idrepo-ldapv3-dncache-enabled": true, + "sun-idrepo-ldapv3-dncache-size": 1500, + }, + "errorhandling": { + "com.iplanet.am.ldap.connection.delay.between.retries": 1000, + }, + "groupconfig": { + "sun-idrepo-ldapv3-config-group-attributes": [ + "dn", + "cn", + "uniqueMember", + "objectclass", + ], + "sun-idrepo-ldapv3-config-group-container-name": "ou", + "sun-idrepo-ldapv3-config-group-container-value": "groups", + "sun-idrepo-ldapv3-config-group-objectclass": [ + "top", + "groupofuniquenames", + ], + "sun-idrepo-ldapv3-config-groups-search-attribute": "cn", + "sun-idrepo-ldapv3-config-groups-search-filter": "(objectclass=groupOfUniqueNames)", + "sun-idrepo-ldapv3-config-memberurl": "memberUrl", + "sun-idrepo-ldapv3-config-uniquemember": "uniqueMember", + }, + "ldapsettings": { + "openam-idrepo-ldapv3-affinity-level": "all", + "openam-idrepo-ldapv3-behera-support-enabled": true, + "openam-idrepo-ldapv3-contains-iot-identities-enriched-as-oauth2client": false, + 
"openam-idrepo-ldapv3-heartbeat-interval": 10, + "openam-idrepo-ldapv3-heartbeat-timeunit": "SECONDS", + "openam-idrepo-ldapv3-keepalive-searchfilter": "(objectclass=*)", + "openam-idrepo-ldapv3-mtls-enabled": false, + "openam-idrepo-ldapv3-proxied-auth-denied-fallback": false, + "openam-idrepo-ldapv3-proxied-auth-enabled": false, + "sun-idrepo-ldapv3-config-authid": "cn=Directory Manager", + "sun-idrepo-ldapv3-config-authpw": null, + "sun-idrepo-ldapv3-config-connection-mode": "LDAPS", + "sun-idrepo-ldapv3-config-connection_pool_max_size": 10, + "sun-idrepo-ldapv3-config-connection_pool_min_size": 1, + "sun-idrepo-ldapv3-config-ldap-server": [ + "localhost:50636", + "localhost:50636|01", + ], + "sun-idrepo-ldapv3-config-max-result": 1000, + "sun-idrepo-ldapv3-config-organization_name": "dc=openam,dc=forgerock,dc=org", + "sun-idrepo-ldapv3-config-search-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-time-limit": 10, + "sun-idrepo-ldapv3-config-trust-all-server-certificates": false, + }, + "persistentsearch": { + "sun-idrepo-ldapv3-config-psearch-filter": "(&(!(objectclass=frCoreToken))(!(ou:dn:=services))(!(ou:dn:=tokens)))", + "sun-idrepo-ldapv3-config-psearch-scope": "SCOPE_SUB", + "sun-idrepo-ldapv3-config-psearchbase": "dc=openam,dc=forgerock,dc=org", + }, + "pluginconfig": { + "sunIdRepoAttributeMapping": [], + "sunIdRepoClass": "org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo", + "sunIdRepoSupportedOperations": [ + "realm=read,create,edit,delete,service", + "user=read,create,edit,delete,service", + "group=read,create,edit,delete", + ], + }, + "userconfig": { + "sun-idrepo-ldapv3-config-active": "Active", + "sun-idrepo-ldapv3-config-auth-kba-attempts-attr": [ + "kbaInfoAttempts", + ], + "sun-idrepo-ldapv3-config-auth-kba-attr": [ + "kbaInfo", + ], + "sun-idrepo-ldapv3-config-auth-kba-index-attr": "kbaActiveIndex", + "sun-idrepo-ldapv3-config-createuser-attr-mapping": [ + "cn", + "sn", + ], + "sun-idrepo-ldapv3-config-inactive": "Inactive", + 
"sun-idrepo-ldapv3-config-isactive": "inetuserstatus", + "sun-idrepo-ldapv3-config-people-container-name": "ou", + "sun-idrepo-ldapv3-config-people-container-value": "people", + "sun-idrepo-ldapv3-config-user-attributes": [ + "iplanet-am-auth-configuration", + "iplanet-am-user-alias-list", + "iplanet-am-user-password-reset-question-answer", + "mail", + "assignedDashboard", + "authorityRevocationList", + "dn", + "iplanet-am-user-password-reset-options", + "employeeNumber", + "createTimestamp", + "kbaActiveIndex", + "caCertificate", + "iplanet-am-session-quota-limit", + "iplanet-am-user-auth-config", + "sun-fm-saml2-nameid-infokey", + "sunIdentityMSISDNNumber", + "iplanet-am-user-password-reset-force-reset", + "sunAMAuthInvalidAttemptsData", + "devicePrintProfiles", + "givenName", + "iplanet-am-session-get-valid-sessions", + "objectClass", + "adminRole", + "inetUserHttpURL", + "lastEmailSent", + "iplanet-am-user-account-life", + "postalAddress", + "userCertificate", + "preferredtimezone", + "iplanet-am-user-admin-start-dn", + "boundDevices", + "oath2faEnabled", + "preferredlanguage", + "sun-fm-saml2-nameid-info", + "userPassword", + "iplanet-am-session-service-status", + "telephoneNumber", + "iplanet-am-session-max-idle-time", + "distinguishedName", + "iplanet-am-session-destroy-sessions", + "kbaInfoAttempts", + "modifyTimestamp", + "uid", + "iplanet-am-user-success-url", + "iplanet-am-user-auth-modules", + "kbaInfo", + "memberOf", + "sn", + "preferredLocale", + "manager", + "iplanet-am-session-max-session-time", + "deviceProfiles", + "cn", + "oathDeviceProfiles", + "webauthnDeviceProfiles", + "iplanet-am-user-login-status", + "pushDeviceProfiles", + "push2faEnabled", + "inetUserStatus", + "retryLimitNodeCount", + "iplanet-am-user-failure-url", + "iplanet-am-session-max-caching-time", + ], + "sun-idrepo-ldapv3-config-user-objectclass": [ + "iplanet-am-managed-person", + "inetuser", + "sunFMSAML2NameIdentifier", + "inetorgperson", + "devicePrintProfilesContainer", + 
"boundDevicesContainer", + "iplanet-am-user-service", + "iPlanetPreferences", + "pushDeviceProfilesContainer", + "forgerock-am-dashboard-service", + "organizationalperson", + "top", + "kbaInfoContainer", + "person", + "sunAMAuthAccountLockout", + "oathDeviceProfilesContainer", + "webauthnDeviceProfilesContainer", + "iplanet-am-auth-configuration-service", + "deviceProfilesContainer", + ], + "sun-idrepo-ldapv3-config-users-search-attribute": "uid", + "sun-idrepo-ldapv3-config-users-search-filter": "(objectclass=inetorgperson)", + }, + }, + ], + "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", + "sunIdRepoAttributeValidator": [ + "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", + "minimumPasswordLength=8", + "usernameInvalidChars=*|(|)|&|!", + ], + }, + "oauth-oidc": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", + 
"persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + 
"idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + 
"PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + 
"A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "location": "/first/second", + "nextDescendents": [], + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": 
"3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + }, + }, + "policyconfiguration": { + "_id": "", + "_type": { + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", + }, + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "localhost:50636", + ], + "location": "/first/second", + "maximumSearchResults": 100, + "mtlsEnabled": false, + "nextDescendents": [], + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", + }, + }, + "subjectAttributes": { + "undefined": "iplanet-am-user-login-status", + }, + "subjectTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "subjects": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "AND", + }, + "AuthenticatedUsers": { + "_id": "AuthenticatedUsers", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "AuthenticatedUsers", + }, + "Identity": { + "_id": 
"Identity", + "config": { + "properties": { + "subjectValues": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Identity", + }, + "JwtClaim": { + "_id": "JwtClaim", + "config": { + "properties": { + "claimName": { + "type": "string", + }, + "claimValue": { + "type": "string", + }, + }, + "type": "object", + }, + "logical": false, + "title": "JwtClaim", + }, + "NONE": { + "_id": "NONE", + "config": { + "properties": {}, + "type": "object", + }, + "logical": false, + "title": "NONE", + }, + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "subject": { + "properties": {}, + "type": "object", + }, + }, + "type": "object", + }, + "logical": true, + "title": "NOT", + }, + "OR": { + "_id": "OR", + "config": { + "properties": { + "subjects": { + "type": "array", + }, + }, + "type": "object", + }, + "logical": true, + "title": "OR", + }, + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string", + }, + "name": { + "type": "string", + }, + "values": { + "items": { + "type": "string", + }, + "type": "array", + }, + }, + "type": "object", + }, + "logical": false, + "title": "Policy", + }, + }, + "trees": { + "Agent": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AgentDataStoreDecisionNode", + "collection": true, + "name": "Agent Data Store Decision", + }, + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page 
Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Agent", + "description": "null", + "enabled": true, + "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Agent Data Store Decision", + "nodeType": "AgentDataStoreDecisionNode", + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "a87ff679-a2f3-371d-9181-a67b7542122c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Example": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username 
Collector", + }, + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Example", + "description": "null", + "enabled": true, + "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "connections": { + "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "connections": { + "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "connections": { + "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Facebook-ProvisionIDMAccount": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + 
"_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialFacebookNode", + "collection": true, + "name": "Social Facebook", + }, + "authenticationIdKey": "id", + "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", + "cfgAccountMapperConfiguration": { + "id": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "first_name": "givenName", + "id": "iplanet-am-user-alias-list", + "last_name": "sn", + "name": "cn", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "facebook", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "public_profile,email", + "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", + "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionIdmAccountNode", + "collection": true, + "name": "Provision IDM Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Facebook-ProvisionIDMAccount", + "description": 
"null", + "enabled": true, + "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + }, + "displayName": "Facebook Social Authentication", + "nodeType": "SocialFacebookNode", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision IDM Account", + "nodeType": "ProvisionIdmAccountNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Google-AnonymousUser": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "_id": "1ff1de77-4005-38da-93f4-2943881c655f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetSuccessUrlNode", + "collection": true, + "name": "Success URL", + }, + "successUrl": "https://www.forgerock.com/", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + 
"org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AnonymousUserNode", + "collection": true, + "name": "Anonymous User Mapping", + }, + "anonymousUserName": "anonymous", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-AnonymousUser", + "description": "null", + "enabled": true, + "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Success URL", + "nodeType": "SetSuccessUrlNode", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "connections": { + "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", + }, + "displayName": "Map to Anonymous User", + "nodeType": "AnonymousUserNode", + }, + }, + "uiConfig": {}, + }, + "variable": 
{}, + }, + "Google-DynamicAccountCreation": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionDynamicAccountNode", + "collection": true, + "name": "Provision Dynamic Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "CreatePasswordNode", + "collection": true, + "name": "Create Password", + }, + "minPasswordLength": 0, + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": 
"aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-DynamicAccountCreation", + "description": "null", + "enabled": true, + "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision Dynamic Account", + "nodeType": 
"ProvisionDynamicAccountNode", + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "connections": { + "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + }, + "displayName": "Create Password", + "nodeType": "CreatePasswordNode", + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "connections": { + "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "connections": { + "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", + "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "connections": { + "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "connections": { + "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "HmacOneTimePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "_id": 
"3c59dc04-8e88-3024-bbe8-079a5c74d079", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "_id": "98f13708-2101-34c4-b568-7be6106a3b84", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "HmacOneTimePassword", + "description": "null", + "enabled": true, + "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "connections": { + "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "connections": { + "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "connections": { + 
"outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "connections": { + "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PersistentCookie": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetPersistentCookieNode", + "collection": true, + "name": "Set Persistent Cookie", + }, + "hmacSigningKey": null, + "idleTimeout": 5, + "maxLife": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "PersistentCookieDecisionNode", + "collection": true, + "name": "Persistent Cookie Decision", + }, + "enforceClientIp": false, + "hmacSigningKey": null, + "idleTimeout": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": 
"Password Collector", + }, + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PersistentCookie", + "description": "null", + "enabled": true, + "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "connections": { + "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Persistent Cookie", + "nodeType": "SetPersistentCookieNode", + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Persistent Cookie Decision", + "nodeType": "PersistentCookieDecisionNode", + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "connections": { + "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformForgottenUsername": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "d82c8d16-19ad-3176-9665-453cfb2e55f0": { + 
"_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformLogin", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. 
Click the link in that email to proceed.", + }, + "emailTemplateName": "forgottenUsername", + "identityAttribute": "mail", + "objectLookup": true, + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "_id": "a684ecee-e76f-3522-b732-86a895bc8436", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Forgotten Username", + }, + "stage": "null", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identityAttribute": "mail", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformForgottenUsername", + "description": "Forgotten Username Tree", + "enabled": true, + "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "connections": { + "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "connections": { + "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + }, + 
"displayName": "Page Node", + "nodeType": "PageNode", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "connections": { + "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformLogin": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "642e92ef-b794-3173-8881-b53e1e1b18b6": { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + }, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "_id": "2838023a-778d-3aec-9c21-2708f721b788", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformProgressiveProfile", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "_outcomes": [ + { + "displayName": "True", + "id": 
"true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "New here? Create an account
Forgot username? Forgot password?", + }, + "pageHeader": { + "en": "Sign In", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformLogin", + "description": "Platform Login Tree", + "enabled": true, + "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "connections": { + "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "2838023a-778d-3aec-9c21-2708f721b788", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "connections": { + "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformProgressiveProfile": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "preferences/updates", + "preferences/marketing", + ], + "identityAttribute": "userName", + "required": false, + "validateInputs": false, + }, + }, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "_id": 
"17e62166-fc85-36df-a4d1-bc0e1742c08b", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "QueryFilterDecisionNode", + "collection": true, + "name": "Query Filter Decision", + }, + "identityAttribute": "userName", + "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": {}, + "pageHeader": { + "en": "Please select your preferences", + }, + "stage": "null", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "LoginCountDecisionNode", + "collection": true, + "name": "Login Count Decision", + }, + "amount": 3, + "identityAttribute": "userName", + "interval": "AT", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformProgressiveProfile", + "description": "Prompt for missing preferences on 3rd 
login", + "enabled": true, + "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + }, + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "connections": { + "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + }, + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformRegistration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates", + ], + "identityAttribute": "userName", + "required": true, + "validateInputs": true, + }, + "1c383cd3-0b7c-398a-b502-93adfecb7b18": { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + 
"passwordAttribute": "password", + "validateInput": true, + }, + "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions", + }, + }, + "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition", + }, + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question", + }, + }, + "e369853d-f766-3a44-a1ed-0ff613f563bd": { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": true, + }, + }, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object", + }, + "identityResource": "managed/user", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, 
+ "name": "Page Node", + }, + "nodes": [ + { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode", + }, + { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode", + }, + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account?Sign In", + }, + "pageHeader": { + "en": "Sign Up", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformRegistration", + "description": "Platform Registration Tree", + "enabled": true, + "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "connections": { + "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "connections": { + "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "PlatformResetPassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "44f683a8-4163-3352-bafe-57c2e008bc8c": { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "66f041e1-6a60-328b-85a7-e228a89c3799": { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + 
"03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Change password", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identifier": "userName", + "identityAttribute": "mail", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. 
Click the link in that email to proceed.", + }, + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "mail", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformResetPassword", + "description": "Reset Password Tree", + "enabled": true, + "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "connections": { + "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "connections": { + "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "connections": { + "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "connections": { + "outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + }, + "uiConfig": 
{}, + }, + "variable": {}, + }, + "PlatformUpdatePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + }, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AttributePresentDecisionNode", + "collection": true, + "name": "Attribute Present Decision", + }, + "identityAttribute": "userName", + "presentAttribute": "password", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your 
password. Click the link in that email to proceed.", + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", + }, + "pageHeader": { + "en": "Verify Existing Password", + }, + "stage": "null", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data", + }, + 
"sessionDataKey": "UserToken", + "sharedStateKey": "userName", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", + "enabled": true, + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "connections": { + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + }, + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "connections": { + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "connections": { + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "connections": { + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "connections": { + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + }, + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "RetryLimit": { 
+ "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AccountLockoutNode", + "collection": true, + "name": "Account Lockout", + }, + "lockAction": "LOCK", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "RetryLimit", + "description": "null", + "enabled": true, + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + 
"1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "connections": { + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "connections": { + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "connections": { + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "connections": { + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "connections": { + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + "Test Tree": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "0254ab35-daea-40db-9a53-44fc06715e48": { + "_id": "0254ab35-daea-40db-9a53-44fc06715e48", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Test Tree", + "enabled": true, + "entryNodeId": "0254ab35-daea-40db-9a53-44fc06715e48", + "innerTreeOnly": false, + "nodes": { + "0254ab35-daea-40db-9a53-44fc06715e48": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + }, + 
"staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, + "trustedJwtIssuer": {}, + "webhookService": { + "webhooks": { + "_id": "webhooks", + "_type": { + "_id": "webhooks", + "collection": true, + "name": "Webhook Service", + }, + "headers": { + "accept": "*/*", + }, + }, + }, + "wsEntity": { + "ws": { + "_id": "ws", + "_type": { + "_id": "ws", + "collection": true, + "name": "Entity Descriptor ", + }, + }, + }, + }, + }, +} +`; + exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays 1`] = `0`; exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays 2`] = `""`; -exports[`frodo config export "frodo config export --global-only -af testExportAllGlobal.json -m classic": should export all global config to a single file named testExportAllGlobal.json. 
1`] = `0`; +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/agent/AgentService.agent.json 1`] = ` +{ + "agent": { + "AgentService": { + "_id": "AgentService", + "_type": { + "_id": "AgentService", + "collection": false, + "name": "AgentService", + }, + }, + }, +} +`; -exports[`frodo config export "frodo config export --global-only -af testExportAllGlobal.json -m classic": should export all global config to a single file named testExportAllGlobal.json. 2`] = `""`; +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/authentication/global.authentication.settings.json 1`] = ` +{ + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "authenticators": [ + "com.sun.identity.authentication.modules.ad.AD", + "org.forgerock.openam.authentication.modules.saml2.SAML2", + "org.forgerock.openam.authentication.modules.social.SocialAuthInstagram", + "org.forgerock.openam.authentication.modules.oath.OATH", + "org.forgerock.openam.authentication.modules.social.SocialAuthVK", + "com.sun.identity.authentication.modules.membership.Membership", + "com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO", + 
"org.forgerock.openam.authentication.modules.deviceprint.DeviceIdSave", + "com.sun.identity.authentication.modules.federation.Federation", + "org.forgerock.openam.authentication.modules.deviceprint.DeviceIdMatch", + "com.sun.identity.authentication.modules.jdbc.JDBC", + "com.sun.identity.authentication.modules.radius.RADIUS", + "com.sun.identity.authentication.modules.anonymous.Anonymous", + "com.sun.identity.authentication.modules.cert.Cert", + "org.forgerock.openam.authentication.modules.push.registration.AuthenticatorPushRegistration", + "com.sun.identity.authentication.modules.httpbasic.HTTPBasic", + "org.forgerock.openam.authentication.modules.oidc.OpenIdConnect", + "com.sun.identity.authentication.modules.sae.SAE", + "org.forgerock.openam.authentication.modules.social.SocialAuthWeChat", + "org.forgerock.openam.authentication.modules.persistentcookie.PersistentCookie", + "org.forgerock.openam.authentication.modules.social.SocialAuthTwitter", + "com.sun.identity.authentication.modules.ldap.LDAP", + "org.forgerock.openam.authentication.modules.push.AuthenticatorPush", + "org.forgerock.openam.authentication.modules.oauth2.OAuth", + "com.sun.identity.authentication.modules.nt.NT", + "org.forgerock.openam.authentication.modules.social.SocialAuthWeChatMobile", + "org.forgerock.openam.authentication.modules.jwtpop.JwtProofOfPossession", + "com.sun.identity.authentication.modules.application.Application", + "org.forgerock.openam.authentication.modules.scripted.Scripted", + "org.forgerock.openam.authentication.modules.social.SocialAuthOAuth2", + "com.sun.identity.authentication.modules.hotp.HOTP", + "org.forgerock.openam.authentication.modules.adaptive.Adaptive", + "org.forgerock.openam.authentication.modules.accountactivecheck.AccountActiveCheck", + "org.forgerock.openam.authentication.modules.social.SocialAuthOpenID", + "com.sun.identity.authentication.modules.msisdn.MSISDN", + "org.forgerock.openam.authentication.modules.fr.oath.AuthenticatorOATH", + 
"com.sun.identity.authentication.modules.datastore.DataStore", + "com.sun.identity.authentication.modules.securid.SecurID", + "org.forgerock.openam.authentication.modules.amster.Amster", + ], + "defaults": { + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "[Empty]", + "orgConfig": "[Empty]", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, + "keepPostProcessInstances": false, + "ldapConnectionPoolDefaultSize": "1:10", + "ldapConnectionPoolSize": [], + "remoteAuthSecurityEnabled": false, + }, +} +`; -exports[`frodo config export "frodo config export --realm-only -AD exportAllTestDir10 -m classic": should export all global config into separate files in the directory exportAllTestDir10 1`] = `0`; 
+exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/authenticationChains/EMPTY.authenticationChains.json 1`] = ` +{ + "authenticationChains": { + "EMPTY": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Authentication Configuration", + }, + "dynamic": { + "authChainConfiguration": "[Empty]", + }, + }, + }, +} +`; -exports[`frodo config export "frodo config export --realm-only -AD exportAllTestDir10 -m classic": should export all global config into separate files in the directory exportAllTestDir10 2`] = `""`; +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/authenticationTreesConfiguration/EMPTY.authenticationTreesConfiguration.json 1`] = ` +{ + "authenticationTreesConfiguration": { + "EMPTY": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Authentication Trees Configuration", + }, + }, + }, +} +`; -exports[`frodo config export "frodo config export -AD exportAllTestDir1": should export everything into separate files in the directory exportAllTestDir1 1`] = `0`; +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays 
--no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/ALU.nodeTypes.js 1`] = ` +"var SCRIPT_OUTCOMES = { + SUCCESS: 'Success' +}; -exports[`frodo config export "frodo config export -AD exportAllTestDir1": should export everything into separate files in the directory exportAllTestDir1 2`] = `""`; +var OPERATORS = { + ADD: "ADD", + SUBTRACT: "SUBTRACT", + MULTIPLY: "MULTIPLY", + DIVIDE: "DIVIDE" +} -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5 1`] = `0`; +function main() { + var a = Number(properties.a); + var b = Number(properties.b); + switch (properties.operator) { + case OPERATORS.ADD: + nodeState.putShared("z", a + b); + break; + case OPERATORS.SUBTRACT: + nodeState.putShared("z", a - b); + break; + case OPERATORS.MULTIPLY: + nodeState.putShared("z", a * b); + break; + case OPERATORS.DIVIDE: + if (b == 0) throw new Error("Cannot divide by 0"); + nodeState.putShared("z", a / b); + break; + default: throw new Error("Unknown operator."); + } + action.goTo(SCRIPT_OUTCOMES.SUCCESS); +} -exports[`frodo config export "frodo config export -RAD exportAllTestDir5 --include-active-values": should export everything including secret values into separate files in the directory exportAllTestDir5 2`] = `""`; +main(); +" +`; -exports[`frodo config export "frodo config export -RMAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts and mappings separate 1`] = `0`; +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values 
--use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/ALU.nodeTypes.json 1`] = ` +{ + "nodeTypes": { + "c6063fb2f5dc42dd9772bedc93898bd8-1": { + "_id": "c6063fb2f5dc42dd9772bedc93898bd8-1", + "description": "Simple ALU that performs basic binary math operations. Expects an "x" and "y" value on the shared state, and will produce a new "z" value on the shared state as output.", + "displayName": "ALU", + "errorOutcome": true, + "inputs": [ + "x", + "y", + ], + "outcomes": [ + "Success", + ], + "outputs": [ + "z", + ], + "properties": { + "operator": { + "defaultValue": "ADD", + "description": "The operation to perform.", + "multivalued": false, + "options": { + "ADD": "+", + "DIVIDE": "/", + "MULTIPLY": "*", + "SUBTRACT": "-", + }, + "required": true, + "title": "Operator", + "type": "STRING", + }, + }, + "script": "file://ALU.nodeTypes.js", + "serviceName": "c6063fb2f5dc42dd9772bedc93898bd8", + "tags": [ + "math", + "utilities", + ], + }, + }, +} +`; -exports[`frodo config export "frodo config export -RMAsxD exportAllTestDir7 -m classic": should export everything into separate files in the directory exportAllTestDir7 with scripts and mappings separate 2`] = `""`; +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Display-Callback.nodeTypes.js 1`] = ` +"var SCRIPT_OUTCOMES = { + OUTCOME: 'outcome' +}; -exports[`frodo config 
export "frodo config export -adND exportAllTestDir4": should export everything, including default scripts, to a single file 1`] = `0`; +var CALLBACKS = { + BOOLEAN_ATTRIBUTE_INPUT_CALLBACK: "BOOLEAN_ATTRIBUTE_INPUT_CALLBACK", + CHOICE_CALLBACK: "CHOICE_CALLBACK", + CONFIRMATION_CALLBACK: "CONFIRMATION_CALLBACK", + CONSENT_MAPPING_CALLBACK: "CONSENT_MAPPING_CALLBACK", + DEVICE_PROFILE_CALLBACK: "DEVICE_PROFILE_CALLBACK", + HIDDEN_VALUE_CALLBACK: "HIDDEN_VALUE_CALLBACK", + HTTP_CALLBACK: "HTTP_CALLBACK", + IDP_CALLBACK: "IDP_CALLBACK", + KBA_CREATE_CALLBACK: "KBA_CREATE_CALLBACK", + LANGUAGE_CALLBACK: "LANGUAGE_CALLBACK", + METADATA_CALLBACK: "METADATA_CALLBACK", + NAME_CALLBACK: "NAME_CALLBACK", + NUMBER_ATTRIBUTE_INPUT_CALLBACK: "NUMBER_ATTRIBUTE_INPUT_CALLBACK", + PASSWORD_CALLBACK: "PASSWORD_CALLBACK", + POLLING_WAIT_CALLBACK: "POLLING_WAIT_CALLBACK", + REDIRECT_CALLBACK: "REDIRECT_CALLBACK", + SCRIPT_TEXT_OUTPUT_CALLBACK: "SCRIPT_TEXT_OUTPUT_CALLBACK", + SELECT_IDP_CALLBACK: "SELECT_IDP_CALLBACK", + STRING_ATTRIBUTE_INPUT_CALLBACK: "STRING_ATTRIBUTE_INPUT_CALLBACK", + SUSPENDED_TEXT_OUTPUT_CALLBACK: "SUSPENDED_TEXT_OUTPUT_CALLBACK", + TERMS_AND_CONDITIONS_CALLBACK: "TERMS_AND_CONDITIONS_CALLBACK", + TEXT_INPUT_CALLBACK: "TEXT_INPUT_CALLBACK", + TEXT_OUTPUT_CALLBACK: "TEXT_OUTPUT_CALLBACK", + VALIDATED_PASSWORD_CALLBACK: "VALIDATED_PASSWORD_CALLBACK", + VALIDATED_USERNAME_CALLBACK: "VALIDATED_USERNAME_CALLBACK", + X509_CERTIFICATE_CALLBACK: "X509_CERTIFICATE_CALLBACK" +} -exports[`frodo config export "frodo config export -adND exportAllTestDir4": should export everything, including default scripts, to a single file 2`] = `""`; +function isStringPresent(value) { + return value; +} -exports[`frodo config export "frodo config export -adND exportAllTestDir6 -m classic": should export everything, including default scripts, to a single file 1`] = `0`; +function getString(value) { + return value || ''; +} -exports[`frodo config export "frodo config export -adND 
exportAllTestDir6 -m classic": should export everything, including default scripts, to a single file 2`] = `""`; +function isArrayPresent(value) { + return value; +} + +function getArray(value) { + return value ? JSON.parse(value) : []; +} + +function isObjectPresent(value) { + return value; +} + +function getObject(value) { + return value ? JSON.parse(value) : {}; +} + +function isIntPresent(value) { + return value; +} + +function getInt(value) { + return value ? parseInt(value) : 0; +} + +function isDoublePresent(value) { + return value; +} + +function getDouble(value) { + return value ? parseFloat(value) : 0.0; +} + +function isBooleanPresent(value) { + return value; +} + +function getBoolean(value) { + return value ? value.toLowerCase() === 'true' : false; +} + +function setProperty(value) { + if (properties.sharedProperty) nodeState.putShared(properties.sharedProperty, value); + if (properties.transientProperty) nodeState.putTransient(properties.transientProperty, value); + if (properties.objectSharedProperty) { + var attributes = {}; + attributes[properties.objectSharedProperty] = value; + nodeState.mergeShared({ + objectAttributes: attributes + }); + } + if (properties.objectTransientProperty) { + var attributes = {}; + attributes[properties.objectTransientProperty] = value; + nodeState.mergeTransient({ + objectAttributes: attributes + }); + } +} + +function booleanAttributeInputCallback() { + var name = getString(properties.options.name); + var prompt = getString(properties.options.prompt); + var value = getBoolean(properties.options.value); + var required = getBoolean(properties.options.required); + var policies = getObject(properties.options.policies); + var validateOnly = getBoolean(properties.options.validateOnly); + var failedPolicies = getArray(properties.options.failedPolicies); + if (isBooleanPresent(properties.options.validateOnly) || isObjectPresent(properties.options.policies)) { + if (isArrayPresent(failedPolicies)) { + 
callbacksBuilder.booleanAttributeInputCallback(name, prompt, value, required, policies, validateOnly, failedPolicies); + } else { + callbacksBuilder.booleanAttributeInputCallback(name, prompt, value, required, policies, validateOnly); + } + } else if (isArrayPresent(failedPolicies)) { + callbacksBuilder.booleanAttributeInputCallback(name, prompt, value, required, failedPolicies); + } else { + callbacksBuilder.booleanAttributeInputCallback(name, prompt, value, required); + } +} + +function choiceCallback() { + var prompt = getString(properties.options.prompt); + var choices = getArray(properties.options.choices); + var defaultChoice = getInt(properties.options.defaultChoice); + var multipleSelectionsAllowed = getBoolean(properties.options.multipleSelectionsAllowed); + callbacksBuilder.choiceCallback(prompt, choices, defaultChoice, multipleSelectionsAllowed); +} + +function confirmationCallback() { + var prompt = getString(properties.options.prompt); + var messageType = getInt(properties.options.messageType); + var options = getArray(properties.options.options); + var optionType = getInt(properties.options.optionType); + var defaultOption = getInt(properties.options.defaultOption); + if (isStringPresent(properties.options.prompt)) { + if (isIntPresent(properties.options.optionType)) { + callbacksBuilder.confirmationCallback(prompt, messageType, optionType, defaultOption); + } else { + callbacksBuilder.confirmationCallback(prompt, messageType, options, defaultOption); + } + } else { + if (isIntPresent(properties.options.optionType)) { + callbacksBuilder.confirmationCallback(messageType, optionType, defaultOption); + } else { + callbacksBuilder.confirmationCallback(messageType, options, defaultOption); + } + } +} + +function consentMappingCallback() { + var config = getObject(properties.options.config); + var message = getString(properties.options.message); + var isRequired = getBoolean(properties.options.isRequired); + var name = getString(properties.options.name); + 
var displayName = getString(properties.options.displayName); + var icon = getString(properties.options.icon); + var accessLevel = getString(properties.options.accessLevel); + var titles = getArray(properties.options.titles); + if (isObjectPresent(properties.options.prompt)) { + callbacksBuilder.consentMappingCallback(config, message, isRequired); + } else { + callbacksBuilder.consentMappingCallback(name, displayName, icon, accessLevel, titles, message, isRequired); + } +} + +function deviceProfileCallback() { + var metadata = getBoolean(properties.options.metadata); + var location = getBoolean(properties.options.location); + var message = getString(properties.options.message); + callbacksBuilder.deviceProfileCallback(metadata, location, message); +} + +function hiddenValueCallback() { + var id = getString(properties.options.id); + var value = getString(properties.options.value); + callbacksBuilder.hiddenValueCallback(id, value); +} + +function httpCallback() { + var authorizationHeader = getString(properties.options.authorizationHeader); + var negotiationHeader = getString(properties.options.negotiationHeader); + var authRHeader = getString(properties.options.authRHeader); + var negoName = getString(properties.options.negoName); + var negoValue = getString(properties.options.negoValue); + if (isStringPresent(properties.options.authorizationHeader) || isStringPresent(properties.options.negotiationHeader)) { + var errorCode = getString(properties.options.errorCode); + callbacksBuilder.httpCallback(authorizationHeader, negotiationHeader, errorCode); + } else { + var errorCode = getInt(properties.options.errorCode); + callbacksBuilder.httpCallback(authRHeader, negoName, negoValue, errorCode); + } +} + +function idPCallback() { + var provider = getString(properties.options.provider); + var clientId = getString(properties.options.clientId); + var redirectUri = getString(properties.options.redirectUri); + var scope = getArray(properties.options.scope); + var nonce = 
getString(properties.options.nonce); + var request = getString(properties.options.request); + var requestUri = getString(properties.options.requestUri); + var acrValues = getArray(properties.options.acrValues); + var requestNativeAppForUserInfo = getBoolean(properties.options.requestNativeAppForUserInfo); + var token = getString(properties.options.token); + var tokenType = getString(properties.options.tokenType); + if (isStringPresent(properties.options.token) || isStringPresent(properties.options.tokenType)) { + callbacksBuilder.idPCallback(provider, clientId, redirectUri, scope, nonce, request, requestUri, acrValues, requestNativeAppForUserInfo, token, tokenType); + } else { + callbacksBuilder.idPCallback(provider, clientId, redirectUri, scope, nonce, request, requestUri, acrValues, requestNativeAppForUserInfo); + } +} + +function kbaCreateCallback() { + var prompt = getString(properties.options.prompt); + var predefinedQuestions = getArray(properties.options.predefinedQuestions); + var allowUserDefinedQuestions = getBoolean(properties.options.allowUserDefinedQuestions); + callbacksBuilder.kbaCreateCallback(prompt, predefinedQuestions, allowUserDefinedQuestions); +} + +function languageCallback() { + var language = getString(properties.options.language); + var country = getString(properties.options.country); + callbacksBuilder.languageCallback(language, country); +} + +function metadataCallback() { + var outputValue = getObject(properties.options.outputValue); + callbacksBuilder.metadataCallback(outputValue); +} + +function nameCallback() { + var prompt = getString(properties.options.prompt); + var defaultName = getString(properties.options.defaultName); + if (isStringPresent(properties.options.defaultName)) { + callbacksBuilder.nameCallback(prompt, defaultName); + } else { + callbacksBuilder.nameCallback(prompt); + } +} + +function numberAttributeInputCallback() { + var name = getString(properties.options.name); + var prompt = 
getString(properties.options.prompt); + var value = getDouble(properties.options.value); + var required = getBoolean(properties.options.required); + var policies = getObject(properties.options.policies); + var validateOnly = getBoolean(properties.options.validateOnly); + var failedPolicies = getArray(properties.options.failedPolicies); + if (isBooleanPresent(properties.options.validateOnly) || isObjectPresent(properties.options.policies)) { + if (isArrayPresent(failedPolicies)) { + callbacksBuilder.numberAttributeInputCallback(name, prompt, value, required, policies, validateOnly, failedPolicies); + } else { + callbacksBuilder.numberAttributeInputCallback(name, prompt, value, required, policies, validateOnly); + } + } else if (isArrayPresent(failedPolicies)) { + callbacksBuilder.numberAttributeInputCallback(name, prompt, value, required, failedPolicies); + } else { + callbacksBuilder.numberAttributeInputCallback(name, prompt, value, required); + } +} + +function passwordCallback() { + var prompt = getString(properties.options.prompt); + var echoOn = getBoolean(properties.options.echoOn); + callbacksBuilder.passwordCallback(prompt, echoOn); +} + +function pollingWaitCallback() { + var waitTime = getString(properties.options.waitTime); + var message = getString(properties.options.message); + callbacksBuilder.pollingWaitCallback(waitTime, message); +} + +function redirectCallback() { + throw new Error('Not Implemented'); +} + +function scriptTextOutputCallback() { + var message = getString(properties.options.message); + callbacksBuilder.scriptTextOutputCallback(message); +} + +function selectIdPCallback() { + var providers = getObject(properties.options.providers); + callbacksBuilder.selectIdPCallback(providers); +} + +function stringAttributeInputCallback() { + var name = getString(properties.options.name); + var prompt = getString(properties.options.prompt); + var value = getString(properties.options.value); + var required = getBoolean(properties.options.required); 
+ var policies = getObject(properties.options.policies); + var validateOnly = getBoolean(properties.options.validateOnly); + var failedPolicies = getArray(properties.options.failedPolicies); + if (isBooleanPresent(properties.options.validateOnly) || isObjectPresent(properties.options.policies)) { + if (isArrayPresent(failedPolicies)) { + callbacksBuilder.stringAttributeInputCallback(name, prompt, value, required, policies, validateOnly, failedPolicies); + } else { + callbacksBuilder.stringAttributeInputCallback(name, prompt, value, required, policies, validateOnly); + } + } else if (isArrayPresent(failedPolicies)) { + callbacksBuilder.stringAttributeInputCallback(name, prompt, value, required, failedPolicies); + } else { + callbacksBuilder.stringAttributeInputCallback(name, prompt, value, required); + } +} + +function suspendedTextOutputCallback() { + var messageType = getInt(properties.options.messageType); + var message = getString(properties.options.message); + callbacksBuilder.suspendedTextOutputCallback(messageType, message); +} + +function termsAndConditionsCallback() { + var version = getString(properties.options.version); + var terms = getString(properties.options.terms); + var createDate = getString(properties.options.createDate); + callbacksBuilder.termsAndConditionsCallback(version, terms, createDate); +} + +function textInputCallback() { + var prompt = getString(properties.options.prompt); + var defaultText = getString(properties.options.defaultText); + if (isStringPresent(properties.options.defaultText)) { + callbacksBuilder.textInputCallback(prompt, defaultText); + } else { + callbacksBuilder.textInputCallback(prompt); + } +} + +function textOutputCallback() { + var messageType = getString(properties.options.messageType); + var message = getString(properties.options.message); + callbacksBuilder.textOutputCallback(messageType, message); +} + +function validatedPasswordCallback() { + var prompt = getString(properties.options.prompt); + var echoOn = 
getBoolean(properties.options.echoOn); + var policies = getObject(properties.options.policies); + var validateOnly = getBoolean(properties.options.validateOnly); + var failedPolicies = getArray(properties.options.failedPolicies); + if (isArrayPresent(properties.options.failedPolicies)) { + callbacksBuilder.validatedPasswordCallback(prompt, echoOn, policies, validateOnly, failedPolicies); + } else { + callbacksBuilder.validatedPasswordCallback(prompt, echoOn, policies, validateOnly); + } +} + +function validatedUsernameCallback() { + var prompt = getString(properties.options.prompt); + var policies = getObject(properties.options.policies); + var validateOnly = getBoolean(properties.options.validateOnly); + var failedPolicies = getArray(properties.options.failedPolicies); + if (isArrayPresent(properties.options.failedPolicies)) { + callbacksBuilder.validatedUsernameCallback(prompt, policies, validateOnly, failedPolicies); + } else { + callbacksBuilder.validatedUsernameCallback(prompt, policies, validateOnly); + } +} + +function x509CertificateCallback() { + throw new Error('Not Implemented'); +} + +function getBooleanAttributeInputCallback() { + setProperty(callbacks.getBooleanAttributeInputCallbacks().get(0)); +} + +function getChoiceCallback() { + var multipleSelectionsAllowed = getBoolean(properties.options.multipleSelectionsAllowed); + var selections = callbacks.getChoiceCallbacks().get(0); + setProperty(multipleSelectionsAllowed ? 
selections : selections[0]); +} + +function getConfirmationCallback() { + setProperty(callbacks.getConfirmationCallbacks().get(0)); +} + +function getConsentMappingCallback() { + setProperty(callbacks.getConsentMappingCallbacks().get(0)); +} + +function getDeviceProfileCallback() { + setProperty(callbacks.getDeviceProfileCallbacks().get(0)); +} + +function getHiddenValueCallback() { + var id = getString(properties.options.id); + setProperty(callbacks.getHiddenValueCallbacks().get(id)); +} + +function getHttpCallback() { + setProperty(callbacks.getHttpCallbacks().get(0)); +} + +function getIdPCallback() { + setProperty(callbacks.getIdpCallbacks().get(0)); +} + +function getKbaCreateCallback() { + setProperty(callbacks.getKbaCreateCallbacks().get(0)); +} + +function getLanguageCallback() { + setProperty(callbacks.getLanguageCallbacks().get(0)); +} + +function getNameCallback() { + setProperty(callbacks.getNameCallbacks().get(0)); +} + +function getNumberAttributeInputCallback() { + setProperty(callbacks.getNumberAttributeInputCallbacks().get(0)); +} + +function getPasswordCallback() { + setProperty(callbacks.getPasswordCallbacks().get(0)); +} + +function getSelectIdPCallback() { + setProperty(callbacks.getSelectIdPCallbacks().get(0)); +} + +function getStringAttributeInputCallback() { + setProperty(callbacks.getStringAttributeInputCallbacks().get(0)); +} + +function getTermsAndConditionsCallback() { + setProperty(callbacks.getTermsAndConditionsCallbacks().get(0)); +} + +function getTextInputCallback() { + setProperty(callbacks.getTextInputCallbacks().get(0)); +} + +function getValidatedPasswordCallback() { + setProperty(callbacks.getValidatedPasswordCallbacks().get(0)); +} + +function getValidatedUsernameCallback() { + setProperty(callbacks.getValidatedUsernameCallbacks().get(0)); +} + +function getX509CertificateCallback() { + setProperty(callbacks.getX509CertificateCallbacks().get(0)); +} + +function main() { + if (!callbacks.isEmpty()) { + switch 
(properties.callback) { + case CALLBACKS.BOOLEAN_ATTRIBUTE_INPUT_CALLBACK: getBooleanAttributeInputCallback(); break; + case CALLBACKS.CHOICE_CALLBACK: getChoiceCallback(); break; + case CALLBACKS.CONFIRMATION_CALLBACK: getConfirmationCallback(); break; + case CALLBACKS.CONSENT_MAPPING_CALLBACK: getConsentMappingCallback(); break; + case CALLBACKS.DEVICE_PROFILE_CALLBACK: getDeviceProfileCallback(); break; + case CALLBACKS.HIDDEN_VALUE_CALLBACK: getHiddenValueCallback(); break; + case CALLBACKS.HTTP_CALLBACK: getHttpCallback(); break; + case CALLBACKS.IDP_CALLBACK: getIdPCallback(); break; + case CALLBACKS.KBA_CREATE_CALLBACK: getKbaCreateCallback(); break; + case CALLBACKS.LANGUAGE_CALLBACK: getLanguageCallback(); break; + case CALLBACKS.NAME_CALLBACK: getNameCallback(); break; + case CALLBACKS.NUMBER_ATTRIBUTE_INPUT_CALLBACK: getNumberAttributeInputCallback(); break; + case CALLBACKS.PASSWORD_CALLBACK: getPasswordCallback(); break; + case CALLBACKS.SELECT_IDP_CALLBACK: getSelectIdPCallback(); break; + case CALLBACKS.STRING_ATTRIBUTE_INPUT_CALLBACK: getStringAttributeInputCallback(); break; + case CALLBACKS.TERMS_AND_CONDITIONS_CALLBACK: getTermsAndConditionsCallback(); break; + case CALLBACKS.TEXT_INPUT_CALLBACK: getTextInputCallback(); break; + case CALLBACKS.VALIDATED_PASSWORD_CALLBACK: getValidatedPasswordCallback(); break; + case CALLBACKS.VALIDATED_USERNAME_CALLBACK: getValidatedUsernameCallback(); break; + case CALLBACKS.X509_CERTIFICATE_CALLBACK: getX509CertificateCallback(); break; + default: break; + } + action.goTo(SCRIPT_OUTCOMES.OUTCOME); + return; + } + + switch (properties.callback) { + case CALLBACKS.BOOLEAN_ATTRIBUTE_INPUT_CALLBACK: booleanAttributeInputCallback(); break; + case CALLBACKS.CHOICE_CALLBACK: choiceCallback(); break; + case CALLBACKS.CONFIRMATION_CALLBACK: confirmationCallback(); break; + case CALLBACKS.CONSENT_MAPPING_CALLBACK: consentMappingCallback(); break; + case CALLBACKS.DEVICE_PROFILE_CALLBACK: deviceProfileCallback(); break; 
+ case CALLBACKS.HIDDEN_VALUE_CALLBACK: hiddenValueCallback(); break; + case CALLBACKS.HTTP_CALLBACK: httpCallback(); break; + case CALLBACKS.IDP_CALLBACK: idPCallback(); break; + case CALLBACKS.KBA_CREATE_CALLBACK: kbaCreateCallback(); break; + case CALLBACKS.LANGUAGE_CALLBACK: languageCallback(); break; + case CALLBACKS.METADATA_CALLBACK: metadataCallback(); break; + case CALLBACKS.NAME_CALLBACK: nameCallback(); break; + case CALLBACKS.NUMBER_ATTRIBUTE_INPUT_CALLBACK: numberAttributeInputCallback(); break; + case CALLBACKS.PASSWORD_CALLBACK: passwordCallback(); break; + case CALLBACKS.POLLING_WAIT_CALLBACK: pollingWaitCallback(); break; + case CALLBACKS.REDIRECT_CALLBACK: redirectCallback(); break; + case CALLBACKS.SCRIPT_TEXT_OUTPUT_CALLBACK: scriptTextOutputCallback(); break; + case CALLBACKS.SELECT_IDP_CALLBACK: selectIdPCallback(); break; + case CALLBACKS.STRING_ATTRIBUTE_INPUT_CALLBACK: stringAttributeInputCallback(); break; + case CALLBACKS.SUSPENDED_TEXT_OUTPUT_CALLBACK: suspendedTextOutputCallback(); break; + case CALLBACKS.TERMS_AND_CONDITIONS_CALLBACK: termsAndConditionsCallback(); break; + case CALLBACKS.TEXT_INPUT_CALLBACK: textInputCallback(); break; + case CALLBACKS.TEXT_OUTPUT_CALLBACK: textOutputCallback(); break; + case CALLBACKS.VALIDATED_PASSWORD_CALLBACK: validatedPasswordCallback(); break; + case CALLBACKS.VALIDATED_USERNAME_CALLBACK: validatedUsernameCallback(); break; + case CALLBACKS.X509_CERTIFICATE_CALLBACK: x509CertificateCallback(); break; + default: throw new Error('Unknown Callback'); // Should never reach this case + } +} + +main(); +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and 
using string arrays: exportAllTestDir8/global/nodeTypes/Display-Callback.nodeTypes.json 1`] = ` +{ + "nodeTypes": { + "ef81b1a52c914710b3388caebfe7233a-1": { + "_id": "ef81b1a52c914710b3388caebfe7233a-1", + "description": "Displays custom callback to the page", + "displayName": "Display Callback", + "errorOutcome": false, + "inputs": [], + "outcomes": [ + "outcome", + ], + "outputs": [], + "properties": { + "callback": { + "description": "The callback to display", + "multivalued": false, + "options": { + "BOOLEAN_ATTRIBUTE_INPUT_CALLBACK": "booleanAttributeInputCallback", + "CHOICE_CALLBACK": "choiceCallback", + "CONFIRMATION_CALLBACK": "confirmationCallback", + "CONSENT_MAPPING_CALLBACK": "consentMappingCallback", + "DEVICE_PROFILE_CALLBACK": "deviceProfileCallback", + "HIDDEN_VALUE_CALLBACK": "hiddenValueCallback", + "HTTP_CALLBACK": "httpCallback", + "IDP_CALLBACK": "idPCallback", + "KBA_CREATE_CALLBACK": "kbaCreateCallback", + "LANGUAGE_CALLBACK": "languageCallback", + "METADATA_CALLBACK": "metadataCallback", + "NAME_CALLBACK": "nameCallback", + "NUMBER_ATTRIBUTE_INPUT_CALLBACK": "numberAttributeInputCallback", + "PASSWORD_CALLBACK": "passwordCallback", + "POLLING_WAIT_CALLBACK": "pollingWaitCallback", + "REDIRECT_CALLBACK": "redirectCallback", + "SCRIPT_TEXT_OUTPUT_CALLBACK": "scriptTextOutputCallback", + "SELECT_IDP_CALLBACK": "selectIdPCallback", + "STRING_ATTRIBUTE_INPUT_CALLBACK": "stringAttributeInputCallback", + "SUSPENDED_TEXT_OUTPUT_CALLBACK": "suspendedTextOutputCallback", + "TERMS_AND_CONDITIONS_CALLBACK": "termsAndConditionsCallback", + "TEXT_INPUT_CALLBACK": "textInputCallback", + "TEXT_OUTPUT_CALLBACK": "textOutputCallback", + "VALIDATED_PASSWORD_CALLBACK": "validatedPasswordCallback", + "VALIDATED_USERNAME_CALLBACK": "validatedUsernameCallback", + "X509_CERTIFICATE_CALLBACK": "x509CertificateCallback", + }, + "required": true, + "title": "Callback", + "type": "STRING", + }, + "objectSharedProperty": { + "description": "The objectAttributes 
property on the shared state to put the callback input into (if applicable)", + "multivalued": false, + "required": false, + "title": "Object Attributes Shared Property", + "type": "STRING", + }, + "objectTransientProperty": { + "description": "The objectAttributes property on the transient state to put the callback input into (if applicable)", + "multivalued": false, + "required": false, + "title": "Object Attributes Transient Property", + "type": "STRING", + }, + "options": { + "description": "The options containing the parameters for the callback (see documentation for possible parameters: https://docs.pingidentity.com/pingoneaic/latest/am-scripting/scripting-api-node.html#scripting-api-node-callbacks). + +For example, for textOutputCallback, the options could be: { messageType: 0, message: "Hello World!" }. + +Note that for required parameters that are not specified in the options will use default values based on the type of the parameter ("" for Strings, [] for Arrays, {} for Objects, 0 for Ints, 0.0 for Doubles, and false for Booleans).", + "multivalued": false, + "required": true, + "title": "Options", + "type": "OBJECT", + }, + "sharedProperty": { + "description": "The shared state property to put the callback input into (if applicable)", + "multivalued": false, + "required": false, + "title": "Shared State Property", + "type": "STRING", + }, + "transientProperty": { + "description": "The transient state property to put the callback input into (if applicable)", + "multivalued": false, + "required": false, + "title": "Transient State Property", + "type": "STRING", + }, + }, + "script": "file://Display-Callback.nodeTypes.js", + "serviceName": "ef81b1a52c914710b3388caebfe7233a", + "tags": [ + "callback", + "utilities", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export 
everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Display-State.nodeTypes.js 1`] = ` +"var SCRIPT_OUTCOMES = { + OUTCOME: "outcome" +}; + +function main() { + if (!callbacks.isEmpty()) { + action.goTo(SCRIPT_OUTCOMES.OUTCOME); + return; + } + var keySet = nodeState.keys(); // Java Set + var keys = Array.from(keySet); // Make it into JavaScript array + debugState = {}; + for (var i in keys) { + var k = new String(keys[i]); + var item = nodeState.get(k); + if (typeof item === "object") { + debugState[k] = nodeState.getObject(k); + } else { + debugState[k] = nodeState.get(k); + } + } + if (properties.displayFormat === "JSON") { + callbacksBuilder.textOutputCallback(0, \`

\${JSON.stringify(debugState, null, 2)}
\`); + return; + } + callbacksBuilder.textOutputCallback(0, \`\${Array.from(Object.keys(debugState).map(k => \`\`))}
KeyValue
\${k}
\${debugState[k]}
\`); +} + +main(); +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Display-State.nodeTypes.json 1`] = ` +{ + "nodeTypes": { + "8ab9f1aad4b4460a9c45d15fb148e221-1": { + "_id": "8ab9f1aad4b4460a9c45d15fb148e221-1", + "description": "Debug node that displays the shared and transient state of the journey for debugging purposes.", + "displayName": "Display State", + "errorOutcome": false, + "inputs": [], + "outcomes": [ + "outcome", + ], + "outputs": [], + "properties": { + "displayFormat": { + "defaultValue": "TABLE", + "description": "The format in which to display the states.", + "multivalued": false, + "options": { + "JSON": "Raw JSON", + "TABLE": "HTML Table", + }, + "required": true, + "title": "Display Format", + "type": "STRING", + }, + }, + "script": "file://Display-State.nodeTypes.js", + "serviceName": "8ab9f1aad4b4460a9c45d15fb148e221", + "tags": [ + "debug", + "testing", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Generate-JWT.nodeTypes.js 1`] = ` +"var aud = properties.audience; +var iss = properties.issuer; +var validity = properties.validity; +var esv = properties.signingkey; + +var signingkey = systemEnv.getProperty(esv); + 
+var username = nodeState.get("username"); + +var data = { + jwtType:"SIGNED", + jwsAlgorithm: "HS256", + issuer: iss, + subject: username, + audience: aud, + type: "JWT", + validityMinutes: validity, + signingKey: signingkey +}; + +var jwt = jwtAssertion.generateJwt(data); + +if (jwt !== null && jwt.length > 0) { + nodeState.putShared("assertionJwt" , jwt); + action.goTo("True"); +} else { + action.goTo("False"); +} +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Generate-JWT.nodeTypes.json 1`] = ` +{ + "nodeTypes": { + "e5ad0110c8ee4dafaae983003cd05d4a-1": { + "_id": "e5ad0110c8ee4dafaae983003cd05d4a-1", + "description": "Generate a signed JWT using the HMAC SHA-256 algorithm.", + "displayName": "Generate JWT", + "errorOutcome": true, + "inputs": [], + "outcomes": [ + "True", + "False", + ], + "outputs": [], + "properties": { + "audience": { + "description": "The audience (aud) claim", + "multivalued": false, + "required": true, + "title": "Audience", + "type": "STRING", + }, + "issuer": { + "description": "The issuer (iss) claim", + "multivalued": false, + "required": true, + "title": "Issuer", + "type": "STRING", + }, + "signingkey": { + "defaultValue": "esv.signing.key", + "description": "The secret label for the HMAC signing key", + "multivalued": false, + "required": true, + "title": "HMAC Signing Key", + "type": "STRING", + }, + "validity": { + "defaultValue": 5, + "description": "", + "multivalued": false, + "required": true, + "title": "Validity (minutes)", + "type": "NUMBER", + }, + }, + "script": "file://Generate-JWT.nodeTypes.js", + 
"serviceName": "e5ad0110c8ee4dafaae983003cd05d4a", + "tags": [ + "Utilities", + "utilities", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Has-Session.nodeTypes.js 1`] = ` +"var SCRIPT_OUTCOMES = { + TRUE: 'True', + FALSE: 'False' +} + +function main() { + action.goTo(typeof existingSession === "undefined" ? SCRIPT_OUTCOMES.FALSE : SCRIPT_OUTCOMES.TRUE); +} + +main(); +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Has-Session.nodeTypes.json 1`] = ` +{ + "nodeTypes": { + "c605506774a848f7877b4d17a453bd39-1": { + "_id": "c605506774a848f7877b4d17a453bd39-1", + "description": "Checks if the user has a current session.", + "displayName": "Has Session", + "errorOutcome": false, + "inputs": [], + "outcomes": [ + "True", + "False", + ], + "outputs": [], + "properties": {}, + "script": "file://Has-Session.nodeTypes.js", + "serviceName": "c605506774a848f7877b4d17a453bd39", + "tags": [ + "utilities", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export 
everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Has-Session-AM.nodeTypes.js 1`] = ` +"var SCRIPT_OUTCOMES = { + TRUE: 'True', + FALSE: 'False' +} + +function main() { + action.goTo(typeof existingSession === "undefined" ? SCRIPT_OUTCOMES.FALSE : SCRIPT_OUTCOMES.TRUE); +} + +main(); +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Has-Session-AM.nodeTypes.json 1`] = ` +{ + "nodeTypes": { + "session-1": { + "_id": "session-1", + "description": "Checks if the user has a current session.", + "displayName": "Has Session AM", + "errorOutcome": false, + "inputs": [], + "outcomes": [ + "True", + "False", + ], + "outputs": [], + "properties": {}, + "script": "file://Has-Session-AM.nodeTypes.js", + "serviceName": "session", + "tags": [ + "utilities", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Vector-ALU.nodeTypes.js 1`] = ` +"var SCRIPT_OUTCOMES = { + SUCCESS: 'Success' +}; + +var OPERATORS = { + ADD: "ADD", + SUBTRACT: "SUBTRACT", + DOT: "DOT", + CROSS: "CROSS" 
+} + +function add(a, b) { + return a.map((v, i) => v + b[i]); +} + +function subtract(a, b) { + return a.map((v, i) => v - b[i]); +} + +function dot(a, b) { + return a.reduce((sum, v, i) => sum + v * b[i], 0); +} + +function cross(a, b) { + return [ + a[1] * b[2] - a[2] * b[1], + a[2] * b[0] - a[0] * b[2], + a[0] * b[1] - a[1] * b[0] + ]; +} + +function main() { + if (properties.a.length !== properties.b.length) throw new Error("Vectors not the same dimension."); + switch (properties.operator) { + case OPERATORS.ADD: + nodeState.putShared("c", add(properties.a, properties.b)); + break; + case OPERATORS.SUBTRACT: + nodeState.putShared("c", subtract(properties.a, properties.b)); + break; + case OPERATORS.DOT: + nodeState.putShared("c", dot(properties.a, properties.b)); + break; + case OPERATORS.CROSS: + if (properties.a.length !== 3) throw new Error("Vectors not dimension 3 for cross product"); + nodeState.putShared("c", cross(properties.a, properties.b)); + break; + default: throw new Error("Unknown operator."); + } + action.goTo(SCRIPT_OUTCOMES.SUCCESS); +} + +main(); +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/nodeTypes/Vector-ALU.nodeTypes.json 1`] = ` +{ + "nodeTypes": { + "c15e2efb3deb4d4ea338c74a6440b69f-1": { + "_id": "c15e2efb3deb4d4ea338c74a6440b69f-1", + "description": "Simple ALU that performs basic binary vector math operations. 
Outputs the result onto the shared state with key "c".", + "displayName": "Vector ALU", + "errorOutcome": true, + "inputs": [], + "outcomes": [ + "Success", + ], + "outputs": [ + "c", + ], + "properties": { + "a": { + "defaultValue": [ + 1, + 2, + 3, + ], + "description": "Left vector operand", + "multivalued": true, + "required": true, + "title": "A", + "type": "NUMBER", + }, + "b": { + "defaultValue": [ + 4, + 5, + 6, + ], + "description": "Right vector operand", + "multivalued": true, + "required": true, + "title": "B", + "type": "NUMBER", + }, + "operator": { + "defaultValue": "DOT", + "description": "The binary operation to perform on the vectors.", + "multivalued": false, + "options": { + "ADD": "+", + "CROSS": "X", + "DOT": ".", + "SUBTRACT": "-", + }, + "required": true, + "title": "Operator", + "type": "STRING", + }, + }, + "script": "file://Vector-ALU.nodeTypes.js", + "serviceName": "c15e2efb3deb4d4ea338c74a6440b69f", + "tags": [ + "math", + "vector", + "utilities", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/realm/first.realm.json 1`] = ` +{ + "realm": { + "L2ZpcnN0": { + "_id": "L2ZpcnN0", + "active": true, + "aliases": [ + "one", + "dnsfirst", + ], + "name": "first", + "parentPath": "/", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no 
decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/realm/firstsecond.realm.json 1`] = ` +{ + "realm": { + "L2ZpcnN0L3NlY29uZA": { + "_id": "L2ZpcnN0L3NlY29uZA", + "active": false, + "aliases": [ + "secondDNS", + "second", + ], + "name": "second", + "parentPath": "/first", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/realm/root.realm.json 1`] = ` +{ + "realm": { + "Lw": { + "_id": "Lw", + "active": true, + "aliases": [ + "localhost", + "openam-frodo-dev.classic.com", + "openam", + "testurl.com", + ], + "name": "/", + "parentPath": "", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/AUTHENTICATION_CLIENT_SIDE.scripttype.json 1`] = ` +{ + "scripttype": { + "AUTHENTICATION_CLIENT_SIDE": { + "_id": "AUTHENTICATION_CLIENT_SIDE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "AUTHENTICATION_CLIENT_SIDE", + "allowLists": {}, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "[Empty]", + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + 
+exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/AUTHENTICATION_SERVER_SIDE.scripttype.json 1`] = ` +{ + "scripttype": { + "AUTHENTICATION_SERVER_SIDE": { + "_id": "AUTHENTICATION_SERVER_SIDE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "AUTHENTICATION_SERVER_SIDE", + "allowLists": { + "1.0": [ + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.HashMap$KeyIterator", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + 
"org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.HashMap$KeyIterator", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + 
"org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "7e3d7067-d50f-4674-8c76-a3e13a810c33", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", 
+ }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.HashMap$KeyIterator", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", 
+ "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/AUTHENTICATION_TREE_DECISION_NODE.scripttype.json 1`] = ` +{ + "scripttype": { + "AUTHENTICATION_TREE_DECISION_NODE": { + "_id": "AUTHENTICATION_TREE_DECISION_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "AUTHENTICATION_TREE_DECISION_NODE", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + 
"java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + 
"org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + 
"org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.concurrent.TimeUnit", + "java.util.Collections$*", + "java.util.HashSet", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + 
"com.sun.crypto.provider.PBKDF2KeyImpl", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "ch.qos.logback.classic.Logger", + "org.forgerock.util.promise.Promises$*", + "com.sun.proxy.$*", + "java.util.Date", + "java.security.spec.InvalidKeySpecException", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + "2.0", + ], + }, + }, + "defaultScript": "01e1a3c0-038b-4c16-956a-6c9d89328cff", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + 
"java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + 
"org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + 
"org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/CONFIG_PROVIDER_NODE.scripttype.json 1`] = ` +{ + "scripttype": { + "CONFIG_PROVIDER_NODE": { + "_id": "CONFIG_PROVIDER_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "CONFIG_PROVIDER_NODE", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + 
"java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + 
"org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + 
"2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + 
"com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + 
"org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "5e854779-6ec1-4c39-aeba-0477e0986646", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + 
"java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + 
"org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + 
"org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/LIBRARY.scripttype.json 1`] = ` +{ + "scripttype": { + "LIBRARY": { + "_id": "LIBRARY", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "LIBRARY", + "allowLists": { + "1.0": [ + "java.lang.Float", + "org.forgerock.http.protocol.Header", + "java.lang.Integer", + "org.forgerock.http.Client", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Long", + "java.lang.Short", + "java.util.Map", + "org.forgerock.http.client.*", + "java.lang.Math", + "org.forgerock.opendj.ldap.Dn", + "java.lang.Byte", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "java.lang.StrictMath", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.http.Context", + "java.lang.Void", + "org.codehaus.groovy.runtime.GStringImpl", + "groovy.json.JsonSlurper", + "org.forgerock.http.protocol.Request", + 
"org.forgerock.http.protocol.Entity", + "org.forgerock.http.context.RootContext", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "java.util.List", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Responses", + "org.forgerock.util.promise.Promise", + "java.util.HashMap$KeyIterator", + "com.sun.identity.shared.debug.Debug", + "java.lang.Double", + "org.forgerock.http.protocol.Headers", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.http.protocol.Status", + "java.util.HashMap", + "java.lang.Character$Subset", + "java.util.TreeSet", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.LinkedHashMap", + "org.forgerock.http.protocol.ResponseException", + "java.util.Collections$UnmodifiableRandomAccessList", + "org.forgerock.http.protocol.Message", + "java.lang.Boolean", + "java.lang.String", + "java.lang.Number", + "java.util.LinkedList", + "java.util.LinkedHashSet", + "org.forgerock.http.protocol.Response", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.TreeMap", + "java.util.Collections$EmptyList", + "org.forgerock.openam.scripting.api.ScriptedSession", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.http.Handler", + "java.lang.Object", + "org.forgerock.http.protocol.Form", + "jdk.proxy*", + ], + "2.0": [ + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "JAVASCRIPT": [ + "2.0", + ], + }, + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.lang.Class", + "java.security.AccessController", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + 
"propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Float", + "org.forgerock.http.protocol.Header", + "java.lang.Integer", + "org.forgerock.http.Client", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Long", + "java.lang.Short", + "java.util.Map", + "org.forgerock.http.client.*", + "java.lang.Math", + "org.forgerock.opendj.ldap.Dn", + "java.lang.Byte", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "java.lang.StrictMath", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.http.Context", + "java.lang.Void", + "org.codehaus.groovy.runtime.GStringImpl", + "groovy.json.JsonSlurper", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.context.RootContext", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "java.util.List", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Responses", + "org.forgerock.util.promise.Promise", + "java.util.HashMap$KeyIterator", + "com.sun.identity.shared.debug.Debug", + "java.lang.Double", + "org.forgerock.http.protocol.Headers", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.http.protocol.Status", + "java.util.HashMap", + "java.lang.Character$Subset", + "java.util.TreeSet", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.LinkedHashMap", + "org.forgerock.http.protocol.ResponseException", + "java.util.Collections$UnmodifiableRandomAccessList", + "org.forgerock.http.protocol.Message", + "java.lang.Boolean", + "java.lang.String", + "java.lang.Number", + "java.util.LinkedList", + "java.util.LinkedHashSet", + "org.forgerock.http.protocol.Response", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + 
"java.util.TreeMap", + "java.util.Collections$EmptyList", + "org.forgerock.openam.scripting.api.ScriptedSession", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.http.Handler", + "java.lang.Object", + "org.forgerock.http.protocol.Form", + ], + }, + "languages": [ + "JAVASCRIPT", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/OAUTH2_ACCESS_TOKEN_MODIFICATION.scripttype.json 1`] = ` +{ + "scripttype": { + "OAUTH2_ACCESS_TOKEN_MODIFICATION": { + "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + 
"java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + 
"org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + 
"org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 
10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + 
"org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER.scripttype.json 1`] = ` +{ + "scripttype": { + 
"OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER": { + "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + 
"org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + 
"java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + 
"maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + 
"org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/OAUTH2_EVALUATE_SCOPE.scripttype.json 1`] = ` +{ + "scripttype": { + "OAUTH2_EVALUATE_SCOPE": { + "_id": "OAUTH2_EVALUATE_SCOPE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_EVALUATE_SCOPE", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + 
"java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + 
"org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + 
"java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + 
"evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + 
"java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 
--include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/OAUTH2_MAY_ACT.scripttype.json 1`] = ` +{ + "scripttype": { + "OAUTH2_MAY_ACT": { + "_id": "OAUTH2_MAY_ACT", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_MAY_ACT", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + 
"java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + 
"com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + 
"org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + 
"com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + 
"org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/OAUTH2_SCRIPTED_JWT_ISSUER.scripttype.json 1`] = ` +{ + "scripttype": { + "OAUTH2_SCRIPTED_JWT_ISSUER": { + "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", + 
"allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + 
"org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + 
"java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "400e48ba-3f13-4144-ac7b-f824ea8e98c5", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + 
"com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + 
"org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/OAUTH2_VALIDATE_SCOPE.scripttype.json 1`] = ` +{ + "scripttype": { + "OAUTH2_VALIDATE_SCOPE": { + "_id": "OAUTH2_VALIDATE_SCOPE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OAUTH2_VALIDATE_SCOPE", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + 
"java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.InvalidScopeException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + 
"org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.InvalidScopeException", + 
"org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + 
"java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.InvalidScopeException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + 
+exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/OIDC_CLAIMS.scripttype.json 1`] = ` +{ + "scripttype": { + "OIDC_CLAIMS": { + "_id": "OIDC_CLAIMS", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "OIDC_CLAIMS", + "allowLists": { + "1.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + 
"java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + "2.0": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + 
"java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + 
"org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + 
"java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + 
"org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/POLICY_CONDITION.scripttype.json 1`] = ` +{ + "scripttype": { + "POLICY_CONDITION": { + "_id": "POLICY_CONDITION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "POLICY_CONDITION", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + 
"org.forgerock.http.context.RootContext", + "java.util.Collections$EmptyList", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + "2.0": [ + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "9de3eb62-f131-4fac-a294-7bd170fd4acb", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + 
"java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "java.util.Collections$EmptyList", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + 
"org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/SAML2_IDP_ADAPTER.scripttype.json 1`] = ` +{ + "scripttype": { + "SAML2_IDP_ADAPTER": { + "_id": "SAML2_IDP_ADAPTER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "SAML2_IDP_ADAPTER", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + 
"java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$Collections$1", + 
"java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.sun.identity.common.CaseInsensitiveHashMap", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "org.forgerock.util.promise.PromiseImpl", + "javax.servlet.http.Cookie", + "org.xml.sax.InputSource", + "java.security.cert.CertificateFactory", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "248b8a56-df81-4b1b-b4ba-45d994f6504c", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + 
"whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + 
"com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/SAML2_IDP_ATTRIBUTE_MAPPER.scripttype.json 1`] = ` +{ + "scripttype": { + "SAML2_IDP_ATTRIBUTE_MAPPER": { + "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", 
+ "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "javax.servlet.http.Cookie", + "javax.xml.parsers.DocumentBuilder", + "javax.xml.parsers.DocumentBuilderFactory", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.w3c.dom.Document", + "org.w3c.dom.Element", + "org.xml.sax.InputSource", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + 
"java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.sun.identity.common.CaseInsensitiveHashMap", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "org.forgerock.util.promise.PromiseImpl", + "javax.servlet.http.Cookie", + "org.xml.sax.InputSource", + "java.security.cert.CertificateFactory", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "c4f22465-2368-4e27-8013-e6399974fd48", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + 
"serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + 
"com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "javax.servlet.http.Cookie", + "javax.xml.parsers.DocumentBuilder", + "javax.xml.parsers.DocumentBuilderFactory", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.w3c.dom.Document", + "org.w3c.dom.Element", + "org.xml.sax.InputSource", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/SAML2_SP_ADAPTER.scripttype.json 1`] = ` +{ + "scripttype": { + "SAML2_SP_ADAPTER": { + "_id": "SAML2_SP_ADAPTER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "SAML2_SP_ADAPTER", + "allowLists": { + "1.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + 
"java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", + "jdk.proxy*", + ], + "2.0": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + 
"java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.sun.identity.common.CaseInsensitiveHashMap", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "org.forgerock.util.promise.PromiseImpl", + "javax.servlet.http.Cookie", + "org.xml.sax.InputSource", + "java.security.cert.CertificateFactory", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "sun.security.ec.ECPrivateKeyImpl", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "69f06e63-128c-4e2f-af52-079a8a6f448b", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + 
"collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "com.sun.identity.saml2.common.SAML2Exception", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + 
"org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/scripttype/SOCIAL_IDP_PROFILE_TRANSFORMATION.scripttype.json 1`] = ` +{ + "scripttype": { + "SOCIAL_IDP_PROFILE_TRANSFORMATION": { + "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext", + }, + "context": { + "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "allowLists": { + "1.0": [ + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + 
"java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$Node", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Response", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.oauth.clients.oidc.Claim", + "java.util.Locale", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + 
"jdk.proxy*", + ], + "2.0": [ + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$Node", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Response", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + 
"org.forgerock.oauth.clients.oidc.Claim", + "java.util.Locale", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "evaluatorVersions": { + "GROOVY": [ + "1.0", + ], + "JAVASCRIPT": [ + "1.0", + ], + }, + }, + "defaultScript": "1d475815-72cb-42eb-aafd-4026989d28a7", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration", + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*", + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$Node", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + 
"org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Response", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.oauth.clients.oidc.Claim", + "java.util.Locale", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "jdk.proxy*", + ], + }, + "languages": [ + "JAVASCRIPT", + "GROOVY", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/secretstore/EnvironmentAndSystemPropertySecretStore.secretstore.json 1`] = ` +{ + "secretstore": { + "EnvironmentAndSystemPropertySecretStore": { + "_id": "EnvironmentAndSystemPropertySecretStore", + "_type": { + "_id": "EnvironmentAndSystemPropertySecretStore", + "collection": false, + "name": "Environment and System Property Secrets Store", + }, + "format": "BASE64", + }, + }, +} +`; + +exports[`frodo config export 
"frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/secretstore/default-keystore.secretstore.json 1`] = ` +{ + "secretstore": { + "default-keystore": { + "_id": "default-keystore", + "_type": { + "_id": "KeyStoreSecretStore", + "collection": true, + "name": "Keystore", + }, + "file": "/root/am/security/keystores/keystore.jceks", + "keyEntryPassword": "entrypass", + "leaseExpiryDuration": 5, + "mappings": [ + { + "_id": "am.applications.agents.remote.consent.request.signing.ES256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es256test", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.ES256", + }, + { + "_id": "am.applications.agents.remote.consent.request.signing.ES384", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es384test", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.ES384", + }, + { + "_id": "am.applications.agents.remote.consent.request.signing.ES512", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es512test", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.ES512", + }, + { + "_id": "am.applications.agents.remote.consent.request.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.applications.agents.remote.consent.request.signing.RSA", + }, + { + "_id": "am.authentication.nodes.persistentcookie.encryption", + "_type": { + "_id": "mappings", + "collection": 
true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.authentication.nodes.persistentcookie.encryption", + }, + { + "_id": "am.authn.authid.signing.HMAC", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.authn.authid.signing.HMAC", + }, + { + "_id": "am.authn.trees.transientstate.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.authn.trees.transientstate.encryption", + }, + { + "_id": "am.default.applications.federation.entity.providers.saml2.idp.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.idp.encryption", + }, + { + "_id": "am.default.applications.federation.entity.providers.saml2.idp.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.idp.signing", + }, + { + "_id": "am.default.applications.federation.entity.providers.saml2.sp.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.sp.encryption", + }, + { + "_id": "am.default.applications.federation.entity.providers.saml2.sp.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.default.applications.federation.entity.providers.saml2.sp.signing", + }, + { + "_id": "am.default.authentication.modules.persistentcookie.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": 
"am.default.authentication.modules.persistentcookie.encryption", + }, + { + "_id": "am.default.authentication.modules.persistentcookie.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.default.authentication.modules.persistentcookie.signing", + }, + { + "_id": "am.default.authentication.nodes.persistentcookie.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.default.authentication.nodes.persistentcookie.signing", + }, + { + "_id": "am.global.services.oauth2.oidc.agent.idtoken.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.global.services.oauth2.oidc.agent.idtoken.signing", + }, + { + "_id": "am.global.services.saml2.client.storage.jwt.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.global.services.saml2.client.storage.jwt.encryption", + }, + { + "_id": "am.global.services.session.clientbased.encryption.AES", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "aestest", + ], + "secretId": "am.global.services.session.clientbased.encryption.AES", + }, + { + "_id": "am.global.services.session.clientbased.signing.HMAC", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.global.services.session.clientbased.signing.HMAC", + }, + { + "_id": "am.services.iot.jwt.issuer.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.services.iot.jwt.issuer.signing", + }, + { + "_id": "am.services.oauth2.jwt.authenticity.signing", + "_type": { + 
"_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.services.oauth2.jwt.authenticity.signing", + }, + { + "_id": "am.services.oauth2.oidc.decryption.RSA.OAEP", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.decryption.RSA.OAEP", + }, + { + "_id": "am.services.oauth2.oidc.decryption.RSA.OAEP.256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.decryption.RSA.OAEP.256", + }, + { + "_id": "am.services.oauth2.oidc.decryption.RSA1.5", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.decryption.RSA1.5", + }, + { + "_id": "am.services.oauth2.oidc.rp.idtoken.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.oidc.rp.idtoken.encryption", + }, + { + "_id": "am.services.oauth2.oidc.rp.jwt.authenticity.signing", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.oidc.rp.jwt.authenticity.signing", + }, + { + "_id": "am.services.oauth2.oidc.signing.ES256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es256test", + ], + "secretId": "am.services.oauth2.oidc.signing.ES256", + }, + { + "_id": "am.services.oauth2.oidc.signing.ES384", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es384test", + ], + "secretId": "am.services.oauth2.oidc.signing.ES384", + }, + { + "_id": "am.services.oauth2.oidc.signing.ES512", + "_type": { + "_id": "mappings", + "collection": true, + "name": 
"Mappings", + }, + "aliases": [ + "es512test", + ], + "secretId": "am.services.oauth2.oidc.signing.ES512", + }, + { + "_id": "am.services.oauth2.oidc.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.oidc.signing.RSA", + }, + { + "_id": "am.services.oauth2.remote.consent.request.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "selfserviceenctest", + ], + "secretId": "am.services.oauth2.remote.consent.request.encryption", + }, + { + "_id": "am.services.oauth2.remote.consent.response.decryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "test", + ], + "secretId": "am.services.oauth2.remote.consent.response.decryption", + }, + { + "_id": "am.services.oauth2.remote.consent.response.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.remote.consent.response.signing.RSA", + }, + { + "_id": "am.services.oauth2.stateless.signing.ES256", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es256test", + ], + "secretId": "am.services.oauth2.stateless.signing.ES256", + }, + { + "_id": "am.services.oauth2.stateless.signing.ES384", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es384test", + ], + "secretId": "am.services.oauth2.stateless.signing.ES384", + }, + { + "_id": "am.services.oauth2.stateless.signing.ES512", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "es512test", + ], + "secretId": "am.services.oauth2.stateless.signing.ES512", + }, + { + "_id": "am.services.oauth2.stateless.signing.HMAC", + "_type": { + "_id": "mappings", + "collection": true, + "name": 
"Mappings", + }, + "aliases": [ + "hmacsigningtest", + ], + "secretId": "am.services.oauth2.stateless.signing.HMAC", + }, + { + "_id": "am.services.oauth2.stateless.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.oauth2.stateless.signing.RSA", + }, + { + "_id": "am.services.oauth2.stateless.token.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.services.oauth2.stateless.token.encryption", + }, + { + "_id": "am.services.saml2.metadata.signing.RSA", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "rsajwtsigningkey", + ], + "secretId": "am.services.saml2.metadata.signing.RSA", + }, + { + "_id": "am.services.uma.pct.encryption", + "_type": { + "_id": "mappings", + "collection": true, + "name": "Mappings", + }, + "aliases": [ + "directenctest", + ], + "secretId": "am.services.uma.pct.encryption", + }, + ], + "providerName": "SunJCE", + "storePassword": "storepass", + "storetype": "JCEKS", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/secretstore/default-passwords-store.secretstore.json 1`] = ` +{ + "secretstore": { + "default-passwords-store": { + "_id": "default-passwords-store", + "_type": { + "_id": "FileSystemSecretStore", + "collection": true, + "name": "File System Secret Volumes", + }, + "directory": "/root/am/security/secrets/encrypted", + "format": "ENCRYPTED_PLAIN", + }, + }, +} +`; 
+ +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/01.server.json 1`] = ` +{ + "defaultProperties": { + "advanced": "file://default/advanced.default.properties.server.json", + "cts": "file://default/cts.default.properties.server.json", + "general": "file://default/general.default.properties.server.json", + "sdk": "file://default/sdk.default.properties.server.json", + "security": "file://default/security.default.properties.server.json", + "session": "file://default/session.default.properties.server.json", + "uma": "file://default/uma.default.properties.server.json", + }, + "server": { + "01": { + "_id": "01", + "properties": { + "advanced": "file://01/advanced.properties.server.json", + "cts": "file://01/cts.properties.server.json", + "directoryConfiguration": "file://01/directoryConfiguration.properties.server.json", + "general": "file://01/general.properties.server.json", + "sdk": "file://01/sdk.properties.server.json", + "security": "file://01/security.properties.server.json", + "session": "file://01/session.properties.server.json", + "uma": "file://01/uma.properties.server.json", + }, + "siteName": null, + "url": "http://localhost:8080/am", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: 
exportAllTestDir8/global/server/01/advanced.properties.server.json 1`] = ` +{ + "_id": "01/properties/advanced", + "bootstrap.file": "/root/.openamcfg/AMConfig_usr_local_tomcat_webapps_am_", + "com.iplanet.am.lbcookie.value": "01", + "com.iplanet.am.serverMode": true, + "com.iplanet.security.SSLSocketFactoryImpl": "com.sun.identity.shared.ldap.factory.JSSESocketFactory", + "com.sun.embedded.replicationport": "", + "com.sun.embedded.sync.servers": "on", + "com.sun.identity.common.systemtimerpool.size": "3", + "com.sun.identity.sm.sms_object_class_name": "com.sun.identity.sm.SmsWrapperObject", + "com.sun.identity.urlconnection.useCache": false, + "opensso.protocol.handler.pkgs": "", + "org.forgerock.embedded.dsadminport": "4444", +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/01/cts.properties.server.json 1`] = ` +{ + "_id": "01/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.cts.store.max.connections": { + "inherited": true, + "value": "100", + }, + "org.forgerock.services.cts.store.page.size": { + "inherited": true, + "value": "0", + }, + "org.forgerock.services.cts.store.root.suffix": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.vlv.page.size": { + "inherited": true, + "value": "1000", + }, + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.affinity.enabled": { + "inherited": true, + "value": null, + }, + 
"org.forgerock.services.cts.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.cts.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/01/directoryConfiguration.properties.server.json 1`] = ` +{ + "_id": "01/properties/directoryConfiguration", + "directoryConfiguration": { + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "maxConnectionPool": 10, + "minConnectionPool": 1, + "mtlsAlias": "", + "mtlsEnabled": false, + "mtlsKeyPasswordFile": "", + "mtlsKeyStoreFile": "", + "mtlsKeyStorePasswordFile": "", + "mtlsKeyStoreType": null, + }, + "directoryServers": [ + { + "connectionType": "SSL", + "hostName": "localhost", + "portNumber": "50636", + "serverName": "Server1", + }, + ], +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 
with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/01/general.properties.server.json 1`] = ` +{ + "_id": "01/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/debug", + }, + "com.iplanet.services.debug.level": { + "inherited": true, + "value": "off", + }, + "com.sun.services.debug.mergeall": { + "inherited": true, + "value": "on", + }, + }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": { + "inherited": false, + "value": "en_US", + }, + "com.iplanet.am.util.xml.validating": { + "inherited": true, + "value": "off", + }, + "com.iplanet.services.configpath": { + "inherited": false, + "value": "/root/am", + }, + "com.sun.identity.client.notification.url": { + "inherited": true, + "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": { + "inherited": true, + "value": "localhost", + }, + "com.iplanet.am.smtpport": { + "inherited": true, + "value": "25", + }, + }, + "amconfig.header.site": { + "singleChoiceSite": "[Empty]", + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/01/sdk.properties.server.json 1`] = ` +{ + "_id": "01/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": { + "inherited": true, + "value": "10000", + }, + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": { + "inherited": 
false, + "value": true, + }, + "com.sun.identity.sm.notification.threadpool.size": { + "inherited": true, + "value": "1", + }, + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": { + "inherited": true, + "value": "3000", + }, + "com.iplanet.am.event.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.event.connection.num.retries": { + "inherited": true, + "value": "3", + }, + "com.sun.am.event.connection.disable.list": { + "inherited": false, + "value": "aci,um", + }, + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": { + "inherited": true, + "value": "1000", + }, + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { + "inherited": false, + "value": "80,81,91", + }, + "com.iplanet.am.ldap.connection.num.retries": { + "inherited": true, + "value": "3", + }, + }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": { + "inherited": true, + "value": "30", + }, + "com.iplanet.am.sdk.cache.entry.expire.enabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.sdk.cache.entry.user.expire.time": { + "inherited": true, + "value": "15", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/01/security.properties.server.json 1`] = ` +{ + "_id": "01/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.cookie.name": { + "inherited": true, + "value": 
"iPlanetDirectoryPro", + }, + "com.iplanet.am.cookie.secure": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.mtlsenabled": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.password": { + "inherited": true, + "value": null, + }, + "com.sun.identity.crl.cache.directory.port": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchattr": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchlocs": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.ssl": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.user": { + "inherited": true, + "value": "", + }, + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": { + "inherited": true, + "value": 
"com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + }, + "amconfig.header.encryption": { + "am.encryption.pwd": { + "inherited": false, + "value": "efSYcwIhr7uKH30rgciGTVTFzb63LhYu", + }, + "am.encryption.secret.alias": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.enabled": { + "inherited": true, + "value": false, + }, + "am.encryption.secret.keyPass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreFile": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystorePass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreType": { 
+ "inherited": true, + "value": "JCEKS", + }, + "com.iplanet.security.SecureRandomFactoryImpl": { + "inherited": true, + "value": "com.iplanet.am.util.SecureRandomFactoryImpl", + }, + "com.iplanet.security.encryptor": { + "inherited": true, + "value": "com.iplanet.services.util.JCEEncryption", + }, + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocsp.responder.url": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocspCheck": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": { + "inherited": true, + "value": "test", + }, + "com.sun.identity.saml.xmlsig.keypass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.keypass", + }, + "com.sun.identity.saml.xmlsig.keystore": { + "inherited": true, + "value": "%BASE_DIR%/security/keystores/keystore.jceks", + }, + "com.sun.identity.saml.xmlsig.storepass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.storepass", + }, + "com.sun.identity.saml.xmlsig.storetype": { + "inherited": true, + "value": "JCEKS", + }, + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": { + "inherited": true, + "value": "16384", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/01/session.properties.server.json 1`] = ` +{ 
+ "_id": "01/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": { + "inherited": true, + "value": "60", + }, + "com.iplanet.services.stats.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/stats", + }, + "com.iplanet.services.stats.state": { + "inherited": true, + "value": "file", + }, + "com.sun.am.session.enableHostLookUp": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.sessionnotification": { + "com.iplanet.am.notification.threadpool.size": { + "inherited": true, + "value": "10", + }, + "com.iplanet.am.notification.threadpool.threshold": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": { + "inherited": true, + "value": "3", + }, + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": { + "inherited": true, + "value": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/01/uma.properties.server.json 1`] = ` +{ + "_id": "01/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.resourcesets.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + 
"amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.resourcesets.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.labels.store.max.connections": { + "inherited": true, + "value": "2", + }, + "org.forgerock.services.uma.labels.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.labels.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.labels.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + 
"amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.pendingrequests.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.umaaudit.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.loginid": { + "inherited": true, + 
"value": "", + }, + "org.forgerock.services.umaaudit.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.umaaudit.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/03.server.json 1`] = ` +{ + "defaultProperties": { + "advanced": "file://default/advanced.default.properties.server.json", + "cts": "file://default/cts.default.properties.server.json", + "general": "file://default/general.default.properties.server.json", + "sdk": "file://default/sdk.default.properties.server.json", + "security": "file://default/security.default.properties.server.json", + "session": "file://default/session.default.properties.server.json", + "uma": "file://default/uma.default.properties.server.json", + }, + "server": { + "03": { + "_id": "03", + "properties": { + "advanced": "file://03/advanced.properties.server.json", + "cts": "file://03/cts.properties.server.json", + "directoryConfiguration": "file://03/directoryConfiguration.properties.server.json", + "general": "file://03/general.properties.server.json", + "sdk": "file://03/sdk.properties.server.json", + "security": "file://03/security.properties.server.json", + "session": "file://03/session.properties.server.json", + "uma": "file://03/uma.properties.server.json", + }, + "siteName": "testsite", + "url": "http://localhost:8081/am", + 
}, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/03/advanced.properties.server.json 1`] = ` +{ + "_id": "03/properties/advanced", + "com.iplanet.am.lbcookie.value": "03", +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/03/cts.properties.server.json 1`] = ` +{ + "_id": "03/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.cts.store.max.connections": { + "inherited": true, + "value": "100", + }, + "org.forgerock.services.cts.store.page.size": { + "inherited": true, + "value": "0", + }, + "org.forgerock.services.cts.store.root.suffix": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.vlv.page.size": { + "inherited": true, + "value": "1000", + }, + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.affinity.enabled": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.heartbeat": { + "inherited": 
true, + "value": "10", + }, + "org.forgerock.services.cts.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/03/directoryConfiguration.properties.server.json 1`] = ` +{ + "_id": "03/properties/directoryConfiguration", + "directoryConfiguration": { + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "maxConnectionPool": 10, + "minConnectionPool": 1, + "mtlsAlias": "", + "mtlsEnabled": false, + "mtlsKeyPasswordFile": "", + "mtlsKeyStoreFile": "", + "mtlsKeyStorePasswordFile": "", + "mtlsKeyStoreType": null, + }, + "directoryServers": [ + { + "connectionType": "SSL", + "hostName": "localhost", + "portNumber": "50636", + "serverName": "Server1", + }, + ], +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: 
exportAllTestDir8/global/server/03/general.properties.server.json 1`] = ` +{ + "_id": "03/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/debug", + }, + "com.iplanet.services.debug.level": { + "inherited": true, + "value": "off", + }, + "com.sun.services.debug.mergeall": { + "inherited": true, + "value": "on", + }, + }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": { + "inherited": true, + "value": "en_US", + }, + "com.iplanet.am.util.xml.validating": { + "inherited": true, + "value": "off", + }, + "com.iplanet.services.configpath": { + "inherited": true, + "value": "%BASE_DIR%", + }, + "com.sun.identity.client.notification.url": { + "inherited": true, + "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": { + "inherited": true, + "value": "localhost", + }, + "com.iplanet.am.smtpport": { + "inherited": true, + "value": "25", + }, + }, + "amconfig.header.site": { + "singleChoiceSite": "testsite", + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/03/sdk.properties.server.json 1`] = ` +{ + "_id": "03/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": { + "inherited": true, + "value": "10000", + }, + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": { + "inherited": true, + "value": false, + }, + "com.sun.identity.sm.notification.threadpool.size": { + "inherited": 
true, + "value": "1", + }, + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": { + "inherited": true, + "value": "3000", + }, + "com.iplanet.am.event.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.event.connection.num.retries": { + "inherited": true, + "value": "3", + }, + "com.sun.am.event.connection.disable.list": { + "inherited": true, + "value": "aci,um,sm", + }, + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": { + "inherited": true, + "value": "1000", + }, + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.ldap.connection.num.retries": { + "inherited": true, + "value": "3", + }, + }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": { + "inherited": true, + "value": "30", + }, + "com.iplanet.am.sdk.cache.entry.expire.enabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.sdk.cache.entry.user.expire.time": { + "inherited": true, + "value": "15", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/03/security.properties.server.json 1`] = ` +{ + "_id": "03/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.cookie.name": { + "inherited": true, + "value": "iPlanetDirectoryPro", + }, + "com.iplanet.am.cookie.secure": { + "inherited": true, + "value": false, + 
}, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.mtlsenabled": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.password": { + "inherited": true, + "value": null, + }, + "com.sun.identity.crl.cache.directory.port": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchattr": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchlocs": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.ssl": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.user": { + "inherited": true, + "value": "", + }, + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": { + "inherited": true, + "value": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.for
gerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + }, + "amconfig.header.encryption": { + "am.encryption.pwd": { + "inherited": true, + "value": "@AM_ENC_PWD@", + }, + "am.encryption.secret.alias": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.enabled": { + "inherited": true, + "value": false, + }, + "am.encryption.secret.keyPass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreFile": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystorePass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreType": { + "inherited": true, + "value": "JCEKS", + }, + "com.iplanet.security.SecureRandomFactoryImpl": { + "inherited": true, + "value": "com.iplanet.am.util.SecureRandomFactoryImpl", + }, + "com.iplanet.security.encryptor": { + "inherited": true, + "value": "com.iplanet.services.util.JCEEncryption", + }, + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocsp.responder.url": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocspCheck": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": { + "inherited": true, + "value": "test", + }, + "com.sun.identity.saml.xmlsig.keypass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.keypass", + }, + "com.sun.identity.saml.xmlsig.keystore": { + "inherited": true, + "value": "%BASE_DIR%/security/keystores/keystore.jceks", + }, + "com.sun.identity.saml.xmlsig.storepass": { + "inherited": true, + 
"value": "%BASE_DIR%/security/secrets/default/.storepass", + }, + "com.sun.identity.saml.xmlsig.storetype": { + "inherited": true, + "value": "JCEKS", + }, + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": { + "inherited": true, + "value": "16384", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/03/session.properties.server.json 1`] = ` +{ + "_id": "03/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": { + "inherited": true, + "value": "60", + }, + "com.iplanet.services.stats.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/stats", + }, + "com.iplanet.services.stats.state": { + "inherited": true, + "value": "file", + }, + "com.sun.am.session.enableHostLookUp": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.sessionnotification": { + "com.iplanet.am.notification.threadpool.size": { + "inherited": true, + "value": "10", + }, + "com.iplanet.am.notification.threadpool.threshold": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": { + "inherited": true, + "value": "3", + }, + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": { + "inherited": true, + "value": true, + }, + }, +} +`; + 
+exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/03/uma.properties.server.json 1`] = ` +{ + "_id": "03/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.resourcesets.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.resourcesets.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.labels.store.max.connections": { + "inherited": true, + "value": "2", + }, + 
"org.forgerock.services.uma.labels.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.labels.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.labels.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.pendingrequests.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": 
{ + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.umaaudit.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.umaaudit.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/04.server.json 1`] = ` +{ + "defaultProperties": { + "advanced": "file://default/advanced.default.properties.server.json", + "cts": "file://default/cts.default.properties.server.json", + "general": 
"file://default/general.default.properties.server.json", + "sdk": "file://default/sdk.default.properties.server.json", + "security": "file://default/security.default.properties.server.json", + "session": "file://default/session.default.properties.server.json", + "uma": "file://default/uma.default.properties.server.json", + }, + "server": { + "04": { + "_id": "04", + "properties": { + "advanced": "file://04/advanced.properties.server.json", + "cts": "file://04/cts.properties.server.json", + "directoryConfiguration": "file://04/directoryConfiguration.properties.server.json", + "general": "file://04/general.properties.server.json", + "sdk": "file://04/sdk.properties.server.json", + "security": "file://04/security.properties.server.json", + "session": "file://04/session.properties.server.json", + "uma": "file://04/uma.properties.server.json", + }, + "siteName": null, + "url": "http://localhost:8082/am", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/04/advanced.properties.server.json 1`] = ` +{ + "_id": "04/properties/advanced", + "com.iplanet.am.lbcookie.value": "04", +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/04/cts.properties.server.json 1`] = 
` +{ + "_id": "04/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.cts.store.max.connections": { + "inherited": true, + "value": "100", + }, + "org.forgerock.services.cts.store.page.size": { + "inherited": true, + "value": "0", + }, + "org.forgerock.services.cts.store.root.suffix": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.vlv.page.size": { + "inherited": true, + "value": "1000", + }, + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.affinity.enabled": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.cts.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.cts.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.cts.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/04/directoryConfiguration.properties.server.json 1`] = ` +{ + "_id": "04/properties/directoryConfiguration", + 
"directoryConfiguration": { + "bindDn": "cn=Directory Manager", + "bindPassword": null, + "maxConnectionPool": 10, + "minConnectionPool": 1, + "mtlsAlias": "", + "mtlsEnabled": false, + "mtlsKeyPasswordFile": "", + "mtlsKeyStoreFile": "", + "mtlsKeyStorePasswordFile": "", + "mtlsKeyStoreType": null, + }, + "directoryServers": [ + { + "connectionType": "SSL", + "hostName": "localhost", + "portNumber": "50636", + "serverName": "Server1", + }, + ], +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/04/general.properties.server.json 1`] = ` +{ + "_id": "04/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/debug", + }, + "com.iplanet.services.debug.level": { + "inherited": true, + "value": "off", + }, + "com.sun.services.debug.mergeall": { + "inherited": true, + "value": "on", + }, + }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": { + "inherited": true, + "value": "en_US", + }, + "com.iplanet.am.util.xml.validating": { + "inherited": true, + "value": "off", + }, + "com.iplanet.services.configpath": { + "inherited": true, + "value": "%BASE_DIR%", + }, + "com.sun.identity.client.notification.url": { + "inherited": true, + "value": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + }, + "amconfig.header.mailserver": { + "com.iplanet.am.smtphost": { + "inherited": true, + "value": "localhost", + }, + "com.iplanet.am.smtpport": { + "inherited": true, + "value": "25", + }, + }, + "amconfig.header.site": { + "singleChoiceSite": 
"[Empty]", + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/04/sdk.properties.server.json 1`] = ` +{ + "_id": "04/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": { + "inherited": true, + "value": "10000", + }, + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": { + "inherited": true, + "value": false, + }, + "com.sun.identity.sm.notification.threadpool.size": { + "inherited": true, + "value": "1", + }, + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": { + "inherited": true, + "value": "3000", + }, + "com.iplanet.am.event.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.event.connection.num.retries": { + "inherited": true, + "value": "3", + }, + "com.sun.am.event.connection.disable.list": { + "inherited": true, + "value": "aci,um,sm", + }, + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": { + "inherited": true, + "value": "1000", + }, + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": { + "inherited": true, + "value": "80,81,91", + }, + "com.iplanet.am.ldap.connection.num.retries": { + "inherited": true, + "value": "3", + }, + }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": { + "inherited": true, + "value": "30", + }, + "com.iplanet.am.sdk.cache.entry.expire.enabled": { + "inherited": true, + "value": false, + }, + 
"com.iplanet.am.sdk.cache.entry.user.expire.time": { + "inherited": true, + "value": "15", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/04/security.properties.server.json 1`] = ` +{ + "_id": "04/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": { + "inherited": true, + "value": false, + }, + "com.iplanet.am.cookie.name": { + "inherited": true, + "value": "iPlanetDirectoryPro", + }, + "com.iplanet.am.cookie.secure": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.mtlsenabled": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.password": { + "inherited": true, + "value": null, + }, + "com.sun.identity.crl.cache.directory.port": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchattr": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.searchlocs": { + "inherited": true, + "value": "", + }, + "com.sun.identity.crl.cache.directory.ssl": { + "inherited": true, + "value": false, + }, + "com.sun.identity.crl.cache.directory.user": { + "inherited": true, + "value": "", + }, + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": { + "inherited": true, + "value": 
"com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + }, + "amconfig.header.encryption": { + "am.encryption.pwd": { + "inherited": true, + "value": "@AM_ENC_PWD@", + }, + "am.encryption.secret.alias": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.enabled": { + "inherited": true, + "value": false, + }, + "am.encryption.secret.keyPass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreFile": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystorePass": { + "inherited": true, + "value": null, + }, + "am.encryption.secret.keystoreType": { + "inherited": true, 
+ "value": "JCEKS", + }, + "com.iplanet.security.SecureRandomFactoryImpl": { + "inherited": true, + "value": "com.iplanet.am.util.SecureRandomFactoryImpl", + }, + "com.iplanet.security.encryptor": { + "inherited": true, + "value": "com.iplanet.services.util.JCEEncryption", + }, + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocsp.responder.url": { + "inherited": true, + "value": "", + }, + "com.sun.identity.authentication.ocspCheck": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": { + "inherited": true, + "value": "test", + }, + "com.sun.identity.saml.xmlsig.keypass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.keypass", + }, + "com.sun.identity.saml.xmlsig.keystore": { + "inherited": true, + "value": "%BASE_DIR%/security/keystores/keystore.jceks", + }, + "com.sun.identity.saml.xmlsig.storepass": { + "inherited": true, + "value": "%BASE_DIR%/security/secrets/default/.storepass", + }, + "com.sun.identity.saml.xmlsig.storetype": { + "inherited": true, + "value": "JCEKS", + }, + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": { + "inherited": true, + "value": false, + }, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": { + "inherited": true, + "value": "16384", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/04/session.properties.server.json 1`] = ` +{ + "_id": 
"04/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": { + "inherited": true, + "value": "60", + }, + "com.iplanet.services.stats.directory": { + "inherited": true, + "value": "%BASE_DIR%/var/stats", + }, + "com.iplanet.services.stats.state": { + "inherited": true, + "value": "file", + }, + "com.sun.am.session.enableHostLookUp": { + "inherited": true, + "value": false, + }, + }, + "amconfig.header.sessionnotification": { + "com.iplanet.am.notification.threadpool.size": { + "inherited": true, + "value": "10", + }, + "com.iplanet.am.notification.threadpool.threshold": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": { + "inherited": true, + "value": "3", + }, + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": { + "inherited": true, + "value": "5000", + }, + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": { + "inherited": true, + "value": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/04/uma.properties.server.json 1`] = ` +{ + "_id": "04/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.resourcesets.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + 
"amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.resourcesets.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.resourcesets.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.resourcesets.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.labels.store.max.connections": { + "inherited": true, + "value": "2", + }, + "org.forgerock.services.uma.labels.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.labels.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.labels.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.labels.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + 
"amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.uma.pendingrequests.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.uma.pendingrequests.store.loginid": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": { + "inherited": true, + "value": "default", + }, + "org.forgerock.services.umaaudit.store.max.connections": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.root.suffix": { + "inherited": true, + "value": "", + }, + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.heartbeat": { + "inherited": true, + "value": "10", + }, + "org.forgerock.services.umaaudit.store.loginid": { + "inherited": true, + 
"value": "", + }, + "org.forgerock.services.umaaudit.store.mtls.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.password": { + "inherited": true, + "value": null, + }, + "org.forgerock.services.umaaudit.store.ssl.enabled": { + "inherited": true, + "value": "", + }, + "org.forgerock.services.umaaudit.store.starttls.enabled": { + "inherited": true, + "value": "", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/default/advanced.default.properties.server.json 1`] = ` +{ + "_id": "null/properties/advanced", + "com.iplanet.am.buildDate": "2024-March-28 16:00", + "com.iplanet.am.buildRevision": "89116d59a1ebe73ed1931dd3649adb7f217cd06b", + "com.iplanet.am.buildVersion": "ForgeRock Access Management 7.5.0", + "com.iplanet.am.cookie.c66Encode": true, + "com.iplanet.am.daemons": "securid", + "com.iplanet.am.directory.ssl.enabled": false, + "com.iplanet.am.installdir": "%BASE_DIR%", + "com.iplanet.am.jssproxy.SSLTrustHostList": "", + "com.iplanet.am.jssproxy.checkSubjectAltName": false, + "com.iplanet.am.jssproxy.resolveIPAddress": false, + "com.iplanet.am.jssproxy.trustAllServerCerts": false, + "com.iplanet.am.lbcookie.name": "amlbcookie", + "com.iplanet.am.lbcookie.value": "00", + "com.iplanet.am.logstatus": "ACTIVE", + "com.iplanet.am.pcookie.name": "DProPCookie", + "com.iplanet.am.profile.host": "%SERVER_HOST%", + "com.iplanet.am.profile.port": "%SERVER_PORT%", + "com.iplanet.am.serverMode": true, + "com.iplanet.am.session.agentSessionIdleTime": "1440", + "com.iplanet.am.session.client.polling.enable": false, + 
"com.iplanet.am.session.client.polling.period": "180", + "com.iplanet.am.session.httpSession.enabled": "true", + "com.iplanet.am.version": "ForgeRock Access Management 7.5.0 Build 89116d59a1ebe73ed1931dd3649adb7f217cd06b (2024-March-28 16:00)", + "com.iplanet.security.SSLSocketFactoryImpl": "com.sun.identity.shared.ldap.factory.JSSESocketFactory", + "com.sun.am.event.notification.expire.time": "5", + "com.sun.embedded.sync.servers": "on", + "com.sun.identity.am.cookie.check": false, + "com.sun.identity.auth.cookieName": "AMAuthCookie", + "com.sun.identity.authentication.multiple.tabs.used": false, + "com.sun.identity.authentication.setCookieToAllDomains": true, + "com.sun.identity.authentication.special.users": "cn=dsameuser,ou=DSAME Users,%ROOT_SUFFIX%|cn=amService-UrlAccessAgent,ou=DSAME Users,%ROOT_SUFFIX%", + "com.sun.identity.authentication.super.user": "uid=amAdmin,ou=People,%ROOT_SUFFIX%", + "com.sun.identity.authentication.uniqueCookieName": "sunIdentityServerAuthNServer", + "com.sun.identity.cookie.httponly": true, + "com.sun.identity.cookie.samesite": "off", + "com.sun.identity.enableUniqueSSOTokenCookie": false, + "com.sun.identity.jss.donotInstallAtHighestPriority": true, + "com.sun.identity.monitoring": "off", + "com.sun.identity.monitoring.local.conn.server.url": "service:jmx:rmi://", + "com.sun.identity.password.deploymentDescriptor": "%SERVER_URI%", + "com.sun.identity.plugin.configuration.class": "@CONFIGURATION_PROVIDER_CLASS@", + "com.sun.identity.plugin.datastore.class.default": "@DATASTORE_PROVIDER_CLASS@", + "com.sun.identity.plugin.log.class": "@LOG_PROVIDER_CLASS@", + "com.sun.identity.plugin.monitoring.agent.class": "@MONAGENT_PROVIDER_CLASS@", + "com.sun.identity.plugin.monitoring.saml2.class": "@MONSAML2_PROVIDER_CLASS@", + "com.sun.identity.plugin.session.class": "@SESSION_PROVIDER_CLASS@", + "com.sun.identity.policy.Policy.policy_evaluation_weights": "10:10:10", + "com.sun.identity.policy.resultsCacheMaxSize": "10000", + 
"com.sun.identity.policy.resultsCacheResourceCap": "20", + "com.sun.identity.saml.xmlsig.keyprovider.class": "@XMLSIG_KEY_PROVIDER@", + "com.sun.identity.saml.xmlsig.passwordDecoder": "@PASSWORD_DECODER_CLASS@", + "com.sun.identity.saml.xmlsig.signatureprovider.class": "@XML_SIGNATURE_PROVIDER@", + "com.sun.identity.security.checkcaller": false, + "com.sun.identity.server.fqdnMap[dnsfirst]": "dnsfirst", + "com.sun.identity.server.fqdnMap[hello]": "hello", + "com.sun.identity.server.fqdnMap[localhost]": "localhost", + "com.sun.identity.server.fqdnMap[openam-frodo-dev.classic.com]": "openam-frodo-dev.classic.com", + "com.sun.identity.server.fqdnMap[openam]": "openam", + "com.sun.identity.server.fqdnMap[secondDNS]": "secondDNS", + "com.sun.identity.session.repository.enableAttributeCompression": false, + "com.sun.identity.session.repository.enableCompression": false, + "com.sun.identity.session.repository.enableEncryption": false, + "com.sun.identity.sm.cache.ttl": "30", + "com.sun.identity.sm.cache.ttl.enable": false, + "com.sun.identity.url.readTimeout": "30000", + "com.sun.identity.webcontainer": "WEB_CONTAINER", + "dynamic.datastore.creation.enabled": false, + "openam.auth.destroy_session_after_upgrade": true, + "openam.auth.distAuthCookieName": "AMDistAuthCookie", + "openam.auth.session_property_upgrader": "org.forgerock.openam.authentication.service.DefaultSessionPropertyUpgrader", + "openam.auth.version.header.enabled": false, + "openam.authentication.ignore_goto_during_logout": false, + "openam.cdm.default.charset": "UTF-8", + "openam.forbidden.to.copy.headers": "connection", + "openam.forbidden.to.copy.request.headers": "connection", + "openam.oauth2.client.jwt.encryption.algorithm.allow.list": "RSA-OAEP,RSA-OAEP-256,ECDH-ES", + "openam.oauth2.client.jwt.unreasonable.lifetime.limit.minutes": "30", + "openam.retained.http.headers": "X-DSAMEVersion", + "openam.retained.http.request.headers": "X-DSAMEVersion", + 
"openam.serviceattributevalidator.classes.whitelist": "org.forgerock.openam.auth.nodes.validators.GreaterThanZeroValidator,org.forgerock.openam.auth.nodes.validators.HMACKeyLengthValidator,org.forgerock.openam.auth.nodes.validators.HmacSigningKeyValidator,org.forgerock.openam.auth.nodes.validators.PercentageValidator,org.forgerock.openam.auth.nodes.validators.QueryFilterValidator,org.forgerock.openam.auth.nodes.validators.SessionPropertyNameValidator,org.forgerock.openam.auth.nodes.validators.SessionPropertyValidator,org.forgerock.openam.auth.nodes.framework.validators.NodeValueValidator,org.forgerock.openam.audit.validation.PositiveIntegerValidator,org.forgerock.openam.authentication.modules.fr.oath.validators.AlphaNumericValidator,org.forgerock.openam.authentication.modules.fr.oath.validators.CodeLengthValidator,org.forgerock.openam.authentication.modules.persistentcookie.validation.SigningKeyValidator,com.sun.identity.common.configuration.DuplicateKeyMapValueValidator,com.sun.identity.common.configuration.AgentClientIpModeValueValidator,com.sun.identity.common.configuration.FilterModeValueValidator,com.sun.identity.common.configuration.GlobalMapValueValidator,com.sun.identity.common.configuration.ListValueValidator,com.sun.identity.common.configuration.MapValueValidator,com.sun.identity.common.configuration.ServerPropertyValidator,com.sun.identity.policy.ResourceComparatorValidator,com.sun.identity.sm.EmailValidator,com.sun.identity.sm.IPAddressValidator,com.sun.identity.sm.RequiredValueValidator,com.sun.identity.sm.ServerIDValidator,com.sun.identity.sm.SiteIDValidator,org.forgerock.openam.sm.validation.Base64EncodedBinaryValidator,org.forgerock.openam.sm.validation.BlankValueValidator,org.forgerock.openam.sm.validation.DurationValidator,org.forgerock.openam.sm.validation.EndpointValidator,org.forgerock.openam.sm.validation.HostnameValidator,org.forgerock.openam.sm.validation.PortValidator,org.forgerock.openam.sm.validation.SecretIdValidator,org.forgerock.openam.
sm.validation.StatelessSessionSigningAlgorithmValidator,org.forgerock.openam.sm.validation.StringMapValidator,org.forgerock.openam.sm.validation.URLValidator,org.forgerock.openam.selfservice.config.KeyAliasValidator,org.forgerock.openam.sm.validation.UniqueIndexedValuesValidator,org.forgerock.openam.webhook.HttpHeaderValidator,org.forgerock.oauth2.core.ClientRedirectUriValidator", + "openam.session.case.sensitive.uuid": false, + "org.forgerock.allow.http.client.debug": false, + "org.forgerock.am.auth.chains.authindexuser.strict": true, + "org.forgerock.am.auth.node.otp.inSharedState": false, + "org.forgerock.am.auth.trees.authenticate.identified.identity": true, + "org.forgerock.openam.audit.additionalSuccessStatusCodesEnabled": true, + "org.forgerock.openam.audit.identity.activity.events.blacklist": "AM-ACCESS-ATTEMPT,AM-IDENTITY-CHANGE,AM-GROUP-CHANGE", + "org.forgerock.openam.auth.transactionauth.returnErrorOnAuthFailure": false, + "org.forgerock.openam.authLevel.excludeRequiredOrRequisite": false, + "org.forgerock.openam.authentication.forceAuth.enabled": false, + "org.forgerock.openam.console.autocomplete.enabled": true, + "org.forgerock.openam.core.resource.lookup.cache.enabled": true, + "org.forgerock.openam.core.sms.placeholder_api_enabled": "OFF", + "org.forgerock.openam.devices.recovery.use_insecure_storage": false, + "org.forgerock.openam.encryption.key.digest": "SHA1", + "org.forgerock.openam.encryption.key.iterations": "10000", + "org.forgerock.openam.encryption.key.size": "128", + "org.forgerock.openam.httpclienthandler.system.clients.connection.timeout": "10 seconds", + "org.forgerock.openam.httpclienthandler.system.clients.max.connections": "64", + "org.forgerock.openam.httpclienthandler.system.clients.pool.ttl": "-1", + "org.forgerock.openam.httpclienthandler.system.clients.response.timeout": "10 seconds", + "org.forgerock.openam.httpclienthandler.system.clients.retry.failed.requests.enabled": true, + 
"org.forgerock.openam.httpclienthandler.system.clients.reuse.connections.enabled": true, + "org.forgerock.openam.httpclienthandler.system.nonProxyHosts": "localhost,127.*,[::1],0.0.0.0,[::0]", + "org.forgerock.openam.httpclienthandler.system.proxy.enabled": false, + "org.forgerock.openam.httpclienthandler.system.proxy.password": null, + "org.forgerock.openam.httpclienthandler.system.proxy.uri": "", + "org.forgerock.openam.httpclienthandler.system.proxy.username": "", + "org.forgerock.openam.idm.attribute.names.lower.case": false, + "org.forgerock.openam.idrepo.ldapv3.passwordpolicy.allowDiagnosticMessage": false, + "org.forgerock.openam.idrepo.ldapv3.proxyauth.passwordreset.adminRequest": "isAdminPasswordChangeRequest", + "org.forgerock.openam.introspect.token.query.param.allowed": false, + "org.forgerock.openam.ldap.dncache.expire.time": "0", + "org.forgerock.openam.ldap.heartbeat.timeout": "10", + "org.forgerock.openam.ldap.keepalive.search.base": "", + "org.forgerock.openam.ldap.keepalive.search.filter": "(objectClass=*)", + "org.forgerock.openam.ldap.secure.protocol.version": "TLSv1.3,TLSv1.2", + "org.forgerock.openam.notifications.agents.enabled": true, + "org.forgerock.openam.oauth2.checkIssuerForIdTokenInfo": true, + "org.forgerock.openam.radius.server.context.cache.size": "5000", + "org.forgerock.openam.redirecturlvalidator.maxUrlLength": "2000", + "org.forgerock.openam.request.max.bytes.entity.size": "1048576", + "org.forgerock.openam.saml2.authenticatorlookup.skewAllowance": "60", + "org.forgerock.openam.scripting.maxinterpreterstackdepth": "10000", + "org.forgerock.openam.secrets.special.user.passwords.format": "ENCRYPTED_PLAIN", + "org.forgerock.openam.secrets.special.user.secret.refresh.seconds": "900", + "org.forgerock.openam.session.service.persistence.deleteAsynchronously": true, + "org.forgerock.openam.session.stateless.encryption.method": "A128CBC-HS256", + "org.forgerock.openam.session.stateless.rsa.padding": "RSA-OAEP-256", + 
"org.forgerock.openam.session.stateless.signing.allownone": false, + "org.forgerock.openam.showServletTraceInBrowser": false, + "org.forgerock.openam.slf4j.enableTraceInMessage": false, + "org.forgerock.openam.smtp.system.connect.timeout": "10000", + "org.forgerock.openam.smtp.system.socket.read.timeout": "10000", + "org.forgerock.openam.smtp.system.socket.write.timeout": "10000", + "org.forgerock.openam.sso.providers.list": "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOProvider", + "org.forgerock.openam.timerpool.shutdown.retry.interval": "15000", + "org.forgerock.openam.timerpool.shutdown.retry.limit": "3", + "org.forgerock.openam.timerpool.shutdown.retry.multiplier": "1.5", + "org.forgerock.openam.trees.consumedstatedata.cache.size": "15", + "org.forgerock.openam.trees.ids.cache.size": "50", + "org.forgerock.openam.url.connectTimeout": "1000", + "org.forgerock.openam.xui.user.session.validation.enabled": true, + "org.forgerock.openidconnect.ssoprovider.maxcachesize": "5000", + "org.forgerock.security.entitlement.enforce.realm": true, + "org.forgerock.security.oauth2.enforce.sub.claim.uniqueness": true, + "org.forgerock.services.cts.store.reaper.enabled": true, + "org.forgerock.services.cts.store.ttlsupport.enabled": false, + "org.forgerock.services.cts.store.ttlsupport.exclusionlist": "", + "org.forgerock.services.default.store.max.connections": "", + "org.forgerock.services.default.store.min.connections": "", + "org.forgerock.services.openid.request.object.lifespan": "120000", + "securidHelper.ports": "58943", +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: 
exportAllTestDir8/global/server/default/cts.default.properties.server.json 1`] = ` +{ + "_id": "null/properties/cts", + "amconfig.org.forgerock.services.cts.store.common.section": { + "org.forgerock.services.cts.store.location": "default", + "org.forgerock.services.cts.store.max.connections": "100", + "org.forgerock.services.cts.store.page.size": "0", + "org.forgerock.services.cts.store.root.suffix": "", + "org.forgerock.services.cts.store.vlv.page.size": "1000", + }, + "amconfig.org.forgerock.services.cts.store.external.section": { + "org.forgerock.services.cts.store.directory.name": "", + "org.forgerock.services.cts.store.heartbeat": "10", + "org.forgerock.services.cts.store.loginid": "", + "org.forgerock.services.cts.store.mtls.enabled": "", + "org.forgerock.services.cts.store.password": null, + "org.forgerock.services.cts.store.ssl.enabled": "", + "org.forgerock.services.cts.store.starttls.enabled": "", + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/default/general.default.properties.server.json 1`] = ` +{ + "_id": "null/properties/general", + "amconfig.header.debug": { + "com.iplanet.services.debug.directory": "%BASE_DIR%/var/debug", + "com.iplanet.services.debug.level": "off", + "com.sun.services.debug.mergeall": "on", + }, + "amconfig.header.installdir": { + "com.iplanet.am.locale": "en_US", + "com.iplanet.am.util.xml.validating": "off", + "com.iplanet.services.configpath": "%BASE_DIR%", + "com.sun.identity.client.notification.url": "%SERVER_PROTO%://%SERVER_HOST%:%SERVER_PORT%/%SERVER_URI%/notificationservice", + }, + "amconfig.header.mailserver": 
{ + "com.iplanet.am.smtphost": "localhost", + "com.iplanet.am.smtpport": "25", + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/default/sdk.default.properties.server.json 1`] = ` +{ + "_id": "null/properties/sdk", + "amconfig.header.cachingreplica": { + "com.iplanet.am.sdk.cache.maxSize": "10000", + }, + "amconfig.header.datastore": { + "com.sun.identity.sm.enableDataStoreNotification": false, + "com.sun.identity.sm.notification.threadpool.size": "1", + }, + "amconfig.header.eventservice": { + "com.iplanet.am.event.connection.delay.between.retries": "3000", + "com.iplanet.am.event.connection.ldap.error.codes.retries": "80,81,91", + "com.iplanet.am.event.connection.num.retries": "3", + "com.sun.am.event.connection.disable.list": "aci,um,sm", + }, + "amconfig.header.ldapconnection": { + "com.iplanet.am.ldap.connection.delay.between.retries": "1000", + "com.iplanet.am.ldap.connection.ldap.error.codes.retries": "80,81,91", + "com.iplanet.am.ldap.connection.num.retries": "3", + }, + "amconfig.header.sdktimetoliveconfig": { + "com.iplanet.am.sdk.cache.entry.default.expire.time": "30", + "com.iplanet.am.sdk.cache.entry.expire.enabled": false, + "com.iplanet.am.sdk.cache.entry.user.expire.time": "15", + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no 
journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/default/security.default.properties.server.json 1`] = ` +{ + "_id": "null/properties/security", + "amconfig.header.cookie": { + "com.iplanet.am.cookie.encode": false, + "com.iplanet.am.cookie.name": "iPlanetDirectoryPro", + "com.iplanet.am.cookie.secure": false, + }, + "amconfig.header.crlcache": { + "com.sun.identity.crl.cache.directory.host": "", + "com.sun.identity.crl.cache.directory.mtlsenabled": false, + "com.sun.identity.crl.cache.directory.password": null, + "com.sun.identity.crl.cache.directory.port": "", + "com.sun.identity.crl.cache.directory.searchattr": "", + "com.sun.identity.crl.cache.directory.searchlocs": "", + "com.sun.identity.crl.cache.directory.ssl": false, + "com.sun.identity.crl.cache.directory.user": "", + }, + "amconfig.header.deserialisationwhitelist": { + "openam.deserialisation.classes.whitelist": "com.iplanet.dpro.session.DNOrIPAddressListTokenRestriction,com.sun.identity.common.CaseInsensitiveHashMap,com.sun.identity.common.CaseInsensitiveHashSet,com.sun.identity.common.CaseInsensitiveKey,com.sun.identity.console.base.model.SMSubConfig,com.sun.identity.console.session.model.SMSessionData,com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,com.sun.identity.shared.datastruct.OrderedSet,com.sun.xml.bind.util.ListImpl,com.sun.xml.bind.util.ProxyListImpl,java.lang.Boolean,java.lang.Integer,java.lang.Number,java.lang.StringBuffer,java.net.InetAddress,java.security.cert.Certificate,java.security.cert.Certificate$CertificateRep,java.util.ArrayList,java.util.Collections$EmptyMap,java.util.Collections$EmptySet,java.util.Collections$SingletonList,java.util.HashMap,java.util.HashSet,java.util.LinkedHashSet,java.util.Locale,org.forgerock.openam.authentication.service.protocol.RemoteCookie,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteHttpServletRespo
nse,org.forgerock.openam.authentication.service.protocol.RemoteServletRequest,org.forgerock.openam.authentication.service.protocol.RemoteServletResponse,org.forgerock.openam.authentication.service.protocol.RemoteSession,org.forgerock.openam.dpro.session.NoOpTokenRestriction,org.forgerock.openam.dpro.session.ProofOfPossessionTokenRestriction", + }, + "amconfig.header.encryption": { + "am.encryption.pwd": "@AM_ENC_PWD@", + "am.encryption.secret.enabled": false, + "am.encryption.secret.keystoreType": "JCEKS", + "com.iplanet.security.SecureRandomFactoryImpl": "com.iplanet.am.util.SecureRandomFactoryImpl", + "com.iplanet.security.encryptor": "com.iplanet.services.util.JCEEncryption", + }, + "amconfig.header.ocsp.check": { + "com.sun.identity.authentication.ocsp.responder.nickname": "", + "com.sun.identity.authentication.ocsp.responder.url": "", + "com.sun.identity.authentication.ocspCheck": false, + }, + "amconfig.header.securitykey": { + "com.sun.identity.saml.xmlsig.certalias": "test", + "com.sun.identity.saml.xmlsig.keypass": "%BASE_DIR%/security/secrets/default/.keypass", + "com.sun.identity.saml.xmlsig.keystore": "%BASE_DIR%/security/keystores/keystore.jceks", + "com.sun.identity.saml.xmlsig.storepass": "%BASE_DIR%/security/secrets/default/.storepass", + "com.sun.identity.saml.xmlsig.storetype": "JCEKS", + }, + "amconfig.header.validation": { + "com.iplanet.am.clientIPCheckEnabled": false, + "com.iplanet.services.comm.server.pllrequest.maxContentLength": "16384", + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/default/session.default.properties.server.json 
1`] = ` +{ + "_id": "null/properties/session", + "amconfig.header.sessionlogging": { + "com.iplanet.am.stats.interval": "60", + "com.iplanet.services.stats.directory": "%BASE_DIR%/var/stats", + "com.iplanet.services.stats.state": "file", + "com.sun.am.session.enableHostLookUp": false, + }, + "amconfig.header.sessionnotification": { + "com.iplanet.am.notification.threadpool.size": "10", + "com.iplanet.am.notification.threadpool.threshold": "5000", + }, + "amconfig.header.sessionthresholds": { + "com.iplanet.am.session.invalidsessionmaxtime": "3", + "org.forgerock.openam.session.service.access.persistence.caching.maxsize": "5000", + }, + "amconfig.header.sessionvalidation": { + "com.sun.am.session.caseInsensitiveDN": true, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/server/default/uma.default.properties.server.json 1`] = ` +{ + "_id": "null/properties/uma", + "amconfig.org.forgerock.services.resourcesets.store.common.section": { + "org.forgerock.services.resourcesets.store.location": "default", + "org.forgerock.services.resourcesets.store.max.connections": "10", + "org.forgerock.services.resourcesets.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.resourcesets.store.external.section": { + "org.forgerock.services.resourcesets.store.directory.name": "", + "org.forgerock.services.resourcesets.store.heartbeat": "10", + "org.forgerock.services.resourcesets.store.loginid": "", + "org.forgerock.services.resourcesets.store.mtls.enabled": "", + "org.forgerock.services.resourcesets.store.password": null, + 
"org.forgerock.services.resourcesets.store.ssl.enabled": "", + "org.forgerock.services.resourcesets.store.starttls.enabled": "", + }, + "amconfig.org.forgerock.services.uma.labels.store.common.section": { + "org.forgerock.services.uma.labels.store.location": "default", + "org.forgerock.services.uma.labels.store.max.connections": "2", + "org.forgerock.services.uma.labels.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.uma.labels.store.external.section": { + "org.forgerock.services.uma.labels.store.directory.name": "", + "org.forgerock.services.uma.labels.store.heartbeat": "10", + "org.forgerock.services.uma.labels.store.loginid": "", + "org.forgerock.services.uma.labels.store.mtls.enabled": "", + "org.forgerock.services.uma.labels.store.password": null, + "org.forgerock.services.uma.labels.store.ssl.enabled": "", + "org.forgerock.services.uma.labels.store.starttls.enabled": "", + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.common.section": { + "org.forgerock.services.uma.pendingrequests.store.location": "default", + "org.forgerock.services.uma.pendingrequests.store.max.connections": "10", + "org.forgerock.services.uma.pendingrequests.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.uma.pendingrequests.store.external.section": { + "org.forgerock.services.uma.pendingrequests.store.directory.name": "", + "org.forgerock.services.uma.pendingrequests.store.heartbeat": "10", + "org.forgerock.services.uma.pendingrequests.store.loginid": "", + "org.forgerock.services.uma.pendingrequests.store.mtls.enabled": "", + "org.forgerock.services.uma.pendingrequests.store.password": null, + "org.forgerock.services.uma.pendingrequests.store.ssl.enabled": "", + "org.forgerock.services.uma.pendingrequests.store.starttls.enabled": "", + }, + "amconfig.org.forgerock.services.umaaudit.store.common.section": { + "org.forgerock.services.umaaudit.store.location": "default", + "org.forgerock.services.umaaudit.store.max.connections": "10", + 
"org.forgerock.services.umaaudit.store.root.suffix": "", + }, + "amconfig.org.forgerock.services.umaaudit.store.external.section": { + "org.forgerock.services.umaaudit.store.directory.name": "", + "org.forgerock.services.umaaudit.store.heartbeat": "10", + "org.forgerock.services.umaaudit.store.loginid": "", + "org.forgerock.services.umaaudit.store.mtls.enabled": "", + "org.forgerock.services.umaaudit.store.password": null, + "org.forgerock.services.umaaudit.store.ssl.enabled": "", + "org.forgerock.services.umaaudit.store.starttls.enabled": "", + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/ConfigurationVersionService.service.json 1`] = ` +{ + "service": { + "ConfigurationVersionService": { + "_id": "", + "_type": { + "_id": "ConfigurationVersionService", + "collection": false, + "name": "Configuration Version Service", + }, + "appliedRuleIds": [ + "AME-23273", + "AME-21032", + "AME-21768", + ], + "configurationVersion": "8.0.0.0", + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/CorsService.service.json 1`] = ` +{ + "service": { + "CorsService": { + "_id": "", + "_type": { + "_id": 
"CorsService", + "collection": false, + "name": "CORS Service", + }, + "enabled": true, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/DataStoreService.service.json 1`] = ` +{ + "service": { + "DataStoreService": { + "_id": "", + "_type": { + "_id": "DataStoreService", + "collection": false, + "name": "External Data Stores", + }, + "defaults": { + "applicationDataStoreId": "fd270e31-1788-4193-8734-eb2d500c47f3", + "policyDataStoreId": "fd270e31-1788-4193-8734-eb2d500c47f3", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/GoogleCloudServiceAccountService.service.json 1`] = ` +{ + "service": { + "GoogleCloudServiceAccountService": { + "_id": "", + "_type": { + "_id": "GoogleCloudServiceAccountService", + "collection": false, + "name": "Google Cloud Platform Service Accounts", + }, + "enabled": true, + "location": "global", + "nextDescendents": [ + { + "_id": "default", + "_type": { + "_id": "serviceAccounts", + "collection": true, + "name": "GCP Service Account", + }, + "allowedRealms": [ + "*", + ], + "allowedSecretNamePatterns": [ + 
"*", + ], + "disallowedSecretNamePatterns": [], + }, + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/IdentityAssertionService.service.json 1`] = ` +{ + "service": { + "IdentityAssertionService": { + "_id": "", + "_type": { + "_id": "IdentityAssertionService", + "collection": false, + "name": "Identity Assertion Service", + }, + "cacheDuration": 120, + "defaults": { + "cacheDuration": 120, + "enable": true, + }, + "enable": true, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/RadiusServerService.service.json 1`] = ` +{ + "service": { + "RadiusServerService": { + "_id": "", + "_type": { + "_id": "RadiusServerService", + "collection": false, + "name": "RADIUS Server", + }, + "location": "global", + "nextDescendents": [], + "radiusListenerEnabled": "NO", + "radiusServerPort": 1812, + "radiusThreadPoolCoreSize": 1, + "radiusThreadPoolKeepaliveSeconds": 10, + "radiusThreadPoolMaxSize": 10, + "radiusThreadPoolQueueSize": 20, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values 
--use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/RemoteConsentService.service.json 1`] = ` +{ + "service": { + "RemoteConsentService": { + "_id": "", + "_type": { + "_id": "RemoteConsentService", + "collection": false, + "name": "Remote Consent Service", + }, + "defaults": { + "consentResponseTimeLimit": 2, + "jwkStoreCacheMissCacheTime": 1, + "jwkStoreCacheTimeout": 5, + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/SocialIdentityProviders.service.json 1`] = ` +{ + "service": { + "SocialIdentityProviders": { + "_id": "", + "_type": { + "_id": "SocialIdentityProviders", + "collection": false, + "name": "Social Identity Provider Service", + }, + "defaults": { + "enabled": true, + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/amSessionPropertyWhitelist.service.json 1`] = ` +{ + 
"service": { + "amSessionPropertyWhitelist": { + "_id": "", + "_type": { + "_id": "amSessionPropertyWhitelist", + "collection": false, + "name": "Session Property Whitelist Service", + }, + "defaults": { + "sessionPropertyWhitelist": [ + "AMCtxId", + ], + "whitelistedQueryProperties": [], + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/androidKeyAttestation.service.json 1`] = ` +{ + "service": { + "androidKeyAttestation": { + "_id": "", + "_type": { + "_id": "androidKeyAttestation", + "collection": false, + "name": "Android Key Attestation", + }, + "cacheDuration": 24, + "defaults": { + "crlUrl": "https://android.googleapis.com/attestation/status", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/audit.service.json 1`] = ` +{ + "service": { + "audit": { + "_id": "", + "_type": { + "_id": "audit", + "collection": false, + "name": "Audit Logging", + }, + "auditEnabled": true, + "blacklistFieldFilters": [], + "defaults": { + "auditEnabled": true, + "blacklistFieldFilters": [], + "whitelistFieldFilters": [], + }, + "location": "global", 
+ "nextDescendents": [ + { + "_id": "Global JSON Handler", + "_type": { + "_id": "JSON", + "collection": true, + "name": "JSON", + }, + "commonHandler": { + "enabled": true, + "topics": [ + "access", + "activity", + "config", + "authentication", + ], + }, + "commonHandlerPlugin": { + "handlerFactory": "org.forgerock.openam.audit.events.handlers.JsonAuditEventHandlerFactory", + }, + "jsonBuffering": { + "bufferingMaxSize": "100000", + "bufferingWriteInterval": "5", + }, + "jsonConfig": { + "elasticsearchCompatible": false, + "location": "%BASE_DIR%/var/audit/", + "rotationRetentionCheckInterval": "5", + }, + "jsonFileRetention": { + "retentionMaxDiskSpaceToUse": "-1", + "retentionMaxNumberOfHistoryFiles": "1", + "retentionMinFreeSpaceRequired": "-1", + }, + "jsonFileRotation": { + "rotationEnabled": true, + "rotationFileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "rotationInterval": "-1", + "rotationMaxFileSize": "100000000", + "rotationTimes": [], + }, + }, + ], + "whitelistFieldFilters": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/authenticatorOathService.service.json 1`] = ` +{ + "service": { + "authenticatorOathService": { + "_id": "", + "_type": { + "_id": "authenticatorOathService", + "collection": false, + "name": "ForgeRock Authenticator (OATH) Service", + }, + "defaults": { + "authenticatorOATHDeviceSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "authenticatorOATHDeviceSettingsEncryptionKeystoreKeyPairAlias": "pushDeviceProfiles", + "authenticatorOATHDeviceSettingsEncryptionKeystorePassword": null, + 
"authenticatorOATHDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorOATHDeviceSettingsEncryptionScheme": "NONE", + "authenticatorOATHSkippableName": "oath2faEnabled", + "oathAttrName": "oathDeviceProfiles", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/authenticatorPushService.service.json 1`] = ` +{ + "service": { + "authenticatorPushService": { + "_id": "", + "_type": { + "_id": "authenticatorPushService", + "collection": false, + "name": "ForgeRock Authenticator (Push) Service", + }, + "defaults": { + "authenticatorPushDeviceSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "authenticatorPushDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorPushDeviceSettingsEncryptionKeystoreType": "JKS", + "authenticatorPushDeviceSettingsEncryptionScheme": "NONE", + "authenticatorPushSkippableName": "push2faEnabled", + "pushAttrName": "pushDeviceProfiles", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/authenticatorWebAuthnService.service.json 1`] = ` +{ + "service": { + 
"authenticatorWebAuthnService": { + "_id": "", + "_type": { + "_id": "authenticatorWebAuthnService", + "collection": false, + "name": "WebAuthn Profile Encryption Service", + }, + "defaults": { + "authenticatorWebAuthnDeviceSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jceks", + "authenticatorWebAuthnDeviceSettingsEncryptionKeystorePassword": null, + "authenticatorWebAuthnDeviceSettingsEncryptionKeystoreType": "JCEKS", + "authenticatorWebAuthnDeviceSettingsEncryptionScheme": "NONE", + "webauthnAttrName": "webauthnDeviceProfiles", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/baseurl.service.json 1`] = ` +{ + "service": { + "baseurl": { + "_id": "", + "_type": { + "_id": "baseurl", + "collection": false, + "name": "Base URL Source", + }, + "defaults": { + "contextPath": "/am", + "source": "REQUEST_VALUES", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/dashboard.service.json 1`] = ` +{ + "service": { + "dashboard": { + "_id": "", + "_type": { + "_id": "dashboard", + "collection": false, + "name": "Dashboard", 
+ }, + "defaults": { + "assignedDashboard": [], + }, + "location": "global", + "nextDescendents": [ + { + "_id": "Google", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "Google", + "icfIdentifier": "idm magic 34", + "icon": "images/logos/googleplus.png", + "login": "http://www.google.com", + "name": "Google", + }, + { + "_id": "SalesForce", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "SalesForce", + "icfIdentifier": "idm magic 12", + "icon": "images/logos/salesforce.png", + "login": "http://www.salesforce.com", + "name": "SalesForce", + }, + { + "_id": "ZenDesk", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance", + }, + "className": "SAML2ApplicationClass", + "displayName": "ZenDesk", + "icfIdentifier": "idm magic 56", + "icon": "images/logos/zendesk.png", + "login": "http://www.ZenDesk.com", + "name": "ZenDesk", + }, + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/deviceBindingService.service.json 1`] = ` +{ + "service": { + "deviceBindingService": { + "_id": "", + "_type": { + "_id": "deviceBindingService", + "collection": false, + "name": "Device Binding Service", + }, + "defaults": { + "deviceBindingAttrName": "boundDevices", + "deviceBindingSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "deviceBindingSettingsEncryptionKeystorePassword": null, + "deviceBindingSettingsEncryptionKeystoreType": "JKS", 
+ "deviceBindingSettingsEncryptionScheme": "NONE", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/deviceIdService.service.json 1`] = ` +{ + "service": { + "deviceIdService": { + "_id": "", + "_type": { + "_id": "deviceIdService", + "collection": false, + "name": "Device ID Service", + }, + "defaults": { + "deviceIdAttrName": "devicePrintProfiles", + "deviceIdSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + "deviceIdSettingsEncryptionKeystorePassword": null, + "deviceIdSettingsEncryptionKeystoreType": "JKS", + "deviceIdSettingsEncryptionScheme": "NONE", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/deviceProfilesService.service.json 1`] = ` +{ + "service": { + "deviceProfilesService": { + "_id": "", + "_type": { + "_id": "deviceProfilesService", + "collection": false, + "name": "Device Profiles Service", + }, + "defaults": { + "deviceProfilesAttrName": "deviceProfiles", + "deviceProfilesSettingsEncryptionKeystore": "/root/am/security/keystores/keystore.jks", + 
"deviceProfilesSettingsEncryptionKeystorePassword": null, + "deviceProfilesSettingsEncryptionKeystoreType": "JKS", + "deviceProfilesSettingsEncryptionScheme": "NONE", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/email.service.json 1`] = ` +{ + "service": { + "email": { + "_id": "", + "_type": { + "_id": "email", + "collection": false, + "name": "Email Service", + }, + "defaults": { + "emailAddressAttribute": "mail", + "emailImplClassName": "org.forgerock.openam.services.email.MailServerImpl", + "emailRateLimitSeconds": 1, + "port": 465, + "sslState": "SSL", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/federationcommon.service.json 1`] = ` +{ + "service": { + "federation/common": { + "_id": "", + "_type": { + "_id": "federation/common", + "collection": false, + "name": "Common Federation Configuration", + }, + "algorithms": { + "DigestAlgorithm": "http://www.w3.org/2001/04/xmlenc#sha256", + "QuerySignatureAlgorithmDSA": "http://www.w3.org/2009/xmldsig11#dsa-sha256", + "QuerySignatureAlgorithmEC": 
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512", + "QuerySignatureAlgorithmRSA": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", + "aesKeyWrapAlgorithm": "http://www.w3.org/2001/04/xmlenc#kw-aes256", + "canonicalizationAlgorithm": "http://www.w3.org/2001/10/xml-exc-c14n#", + "maskGenerationFunction": "http://www.w3.org/2009/xmlenc11#mgf1sha256", + "rsaKeyTransportAlgorithm": "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p", + "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", + "transformationAlgorithm": "http://www.w3.org/2001/10/xml-exc-c14n#", + }, + "generalConfig": { + "certificateChecking": "on", + "maxContentLength": 20480, + "samlErrorPageHttpBinding": "HTTP-POST", + "samlErrorPageUrl": "/saml2/jsp/saml2error.jsp", + }, + "implementationClasses": { + "configurationClass": "com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl", + "datastoreClass": "com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider", + "keyProviderClass": "com.sun.identity.saml.xmlsig.JKSKeyProvider", + "loggerClass": "com.sun.identity.plugin.log.impl.LogProvider", + "passwordDecoderClass": "com.sun.identity.saml.xmlsig.FMPasswordDecoder", + "rootUrlProviderClass": "org.forgerock.openam.federation.plugin.rooturl.impl.FmRootUrlProvider", + "sessionProviderClass": "com.sun.identity.plugin.session.impl.FMSessionProvider", + "signatureProviderClass": "com.sun.identity.saml.xmlsig.AMSignatureProvider", + }, + "location": "global", + "montoring": { + "monitoringAgentClass": "com.sun.identity.plugin.monitoring.impl.AgentProvider", + "monitoringSaml2Class": "com.sun.identity.plugin.monitoring.impl.FedMonSAML2SvcProvider", + }, + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate 
files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/federationmulti.service.json 1`] = ` +{ + "service": { + "federation/multi": { + "_id": "", + "_type": { + "_id": "federation/multi", + "collection": false, + "name": "Multi-Federation Protocol", + }, + "location": "global", + "nextDescendents": [], + "singleLogoutHandlerList": [ + "key=WSFED|class=com.sun.identity.multiprotocol.WSFederationSingleLogoutHandler", + "key=SAML2|class=com.sun.identity.multiprotocol.SAML2SingleLogoutHandler", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/federationsaml2soapbinding.service.json 1`] = ` +{ + "service": { + "federation/saml2soapbinding": { + "_id": "", + "_type": { + "_id": "federation/saml2soapbinding", + "collection": false, + "name": "SAML v2.0 SOAP Binding", + }, + "location": "global", + "nextDescendents": [], + "requestHandlers": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/globalization.service.json 1`] = ` +{ + "service": { + "globalization": { + "_id": "", + "_type": { + "_id": "globalization", + 
"collection": false, + "name": "Globalization Settings", + }, + "charsetMappings": [ + "locale=zh|charset=UTF-8;GB2312", + "locale=ar|charset=UTF-8;ISO-8859-6", + "locale=es|charset=UTF-8;ISO-8859-15", + "locale=de|charset=UTF-8;ISO-8859-15", + "locale=zh_TW|charset=UTF-8;BIG5", + "locale=fr|charset=UTF-8;ISO-8859-15", + "locale=ko|charset=UTF-8;EUC-KR", + "locale=en|charset=UTF-8;ISO-8859-1", + "locale=th|charset=UTF-8;TIS-620", + "locale=ja|charset=UTF-8;Shift_JIS;EUC-JP", + ], + "defaults": { + "commonNameFormats": [ + "zh={sn}{givenname}", + ], + }, + "location": "global", + "nextDescendents": [], + "sun-identity-g11n-settings-charset-alias-mapping": [ + "mimeName=EUC-KR|javaName=EUC_KR", + "mimeName=EUC-JP|javaName=EUC_JP", + "mimeName=Shift_JIS|javaName=SJIS", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/id-repositories.service.json 1`] = ` +{ + "service": { + "id-repositories": { + "_id": "", + "_type": { + "_id": "id-repositories", + "collection": false, + "name": "sunIdentityRepositoryService", + }, + "defaults": { + "sunIdRepoAttributeCombiner": "com.iplanet.am.sdk.AttributeCombiner", + "sunIdRepoAttributeValidator": [ + "class=com.sun.identity.idm.server.IdRepoAttributeValidatorImpl", + "minimumPasswordLength=8", + "usernameInvalidChars=*|(|)|&|!", + ], + }, + "location": "global", + "nextDescendents": [ + { + "_id": "agent", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "agentgroup", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + 
"name": "SupportedIdentities", + }, + }, + { + "_id": "agentonly", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "filteredrole", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "group", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "realm", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "role", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "user", + "_type": { + "_id": "SupportedIdentities", + "collection": true, + "name": "SupportedIdentities", + }, + }, + { + "_id": "amAdmin", + "_type": { + "_id": "user", + "collection": true, + "name": "User", + }, + "cn": "amAdmin", + "dn": "uid=amAdmin,ou=people,", + "givenName": "amAdmin", + "inetUserStatus": "Active", + "iplanet-am-user-auth-config": "[Empty]", + "roles": [], + "sn": "amAdmin", + "userPassword": null, + }, + { + "_id": "anonymous", + "_type": { + "_id": "user", + "collection": true, + "name": "User", + }, + "cn": "anonymous", + "dn": "uid=anonymous,ou=people,", + "givenName": "anonymous", + "inetUserStatus": "Inactive", + "iplanet-am-user-auth-config": "[Empty]", + "roles": [], + "sn": "anonymous", + "userPassword": null, + }, + { + "_id": "dsameuser", + "_type": { + "_id": "user", + "collection": true, + "name": "User", + }, + "dn": "cn=dsameuser,ou=DSAME Users,", + "inetUserStatus": "Active", + "iplanet-am-user-auth-config": "[Empty]", + "roles": [], + "userPassword": null, + }, + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, 
including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/idm-integration.service.json 1`] = ` +{ + "service": { + "idm-integration": { + "_id": "", + "_type": { + "_id": "idm-integration", + "collection": false, + "name": "IDM Provisioning", + }, + "configurationCacheDuration": 0, + "enabled": false, + "idmProvisioningClient": "idm-provisioning", + "jwtSigningCompatibilityMode": false, + "location": "global", + "nextDescendents": [], + "provisioningClientScopes": [ + "fr:idm:*", + ], + "useInternalOAuth2Provider": false, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/iot.service.json 1`] = ` +{ + "service": { + "iot": { + "_id": "", + "_type": { + "_id": "iot", + "collection": false, + "name": "IoT Service", + }, + "defaults": { + "attributeAllowlist": [ + "thingConfig", + ], + "createOAuthClient": false, + "createOAuthJwtIssuer": false, + "oauthClientName": "forgerock-iot-oauth2-client", + "oauthJwtIssuerName": "forgerock-iot-jwt-issuer", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate 
mappings, and using string arrays: exportAllTestDir8/global/service/logging.service.json 1`] = ` +{ + "service": { + "logging": { + "_id": "", + "_type": { + "_id": "logging", + "collection": false, + "name": "Logging", + }, + "database": { + "databaseFailureMemoryBufferSize": 2, + "driver": "oracle.jdbc.driver.OracleDriver", + "maxRecords": 500, + "user": "dbuser", + }, + "file": { + "location": "%BASE_DIR%/var/audit/", + "maxFileSize": 100000000, + "numberHistoryFiles": 1, + "rotationEnabled": true, + "rotationInterval": -1, + "suffix": "-MM.dd.yy-kk.mm", + }, + "general": { + "bufferSize": 25, + "bufferTime": 60, + "buffering": "ON", + "certificateStore": "%BASE_DIR%/var/audit/Logger.jks", + "fields": [ + "IPAddr", + "LoggedBy", + "LoginID", + "NameID", + "ModuleName", + "ContextID", + "Domain", + "LogLevel", + "HostName", + "MessageID", + ], + "filesPerKeystore": 5, + "jdkLoggingLevel": "INFO", + "security": "OFF", + "signaturePeriod": 900, + "signingAlgorithm": "SHA1withRSA", + "status": "INACTIVE", + "type": "File", + "verifyPeriod": 3600, + }, + "location": "global", + "nextDescendents": [], + "resolveHostName": false, + "syslog": { + "facility": "local5", + "host": "localhost", + "port": 514, + "protocol": "UDP", + "timeout": 30, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/monitoring.service.json 1`] = ` +{ + "service": { + "monitoring": { + "_id": "", + "_type": { + "_id": "monitoring", + "collection": false, + "name": "Monitoring", + }, + "authfilePath": "%BASE_DIR%/security/openam_mon_auth", + "enabled": true, + "httpEnabled": 
false, + "httpPort": 8082, + "location": "global", + "nextDescendents": [ + { + "_id": "crest", + "_type": { + "_id": "crest", + "collection": true, + "name": "CREST Reporter", + }, + "enabled": false, + }, + { + "_id": "prometheus", + "_type": { + "_id": "prometheus", + "collection": true, + "name": "Prometheus Reporter", + }, + "authenticationType": "BASIC", + "enabled": false, + "password": null, + "username": "prometheus", + }, + ], + "policyHistoryWindowSize": 10000, + "rmiEnabled": false, + "rmiPort": 9999, + "sessionHistoryWindowSize": 10000, + "snmpEnabled": false, + "snmpPort": 8085, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/naming.service.json 1`] = ` +{ + "service": { + "naming": { + "_id": "", + "_type": { + "_id": "naming", + "collection": false, + "name": "Naming", + }, + "endpointConfig": { + "jaxwsUrl": "%protocol://%host:%port%uri/identityservices/", + "stsMexUrl": "%protocol://%host:%port%uri/sts/mex", + "stsUrl": "%protocol://%host:%port%uri/sts", + }, + "federationConfig": { + "jaxrpcUrl": "%protocol://%host:%port%uri/jaxrpc/", + "samlAssertionManagerUrl": "%protocol://%host:%port%uri/AssertionManagerServlet/AssertionManagerIF", + "samlAwareServletUrl": "%protocol://%host:%port%uri/SAMLAwareServlet", + "samlPostServletUrl": "%protocol://%host:%port%uri/SAMLPOSTProfileServlet", + "samlSoapReceiverUrl": "%protocol://%host:%port%uri/SAMLSOAPReceiver", + }, + "generalConfig": { + "authUrl": "%protocol://%host:%port%uri/authservice", + "loggingUrl": "%protocol://%host:%port%uri/loggingservice", + "policyUrl": 
"%protocol://%host:%port%uri/policyservice", + "profileUrl": "%protocol://%host:%port%uri/profileservice", + "sessionUrl": "%protocol://%host:%port%uri/sessionservice", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/oauth-oidc.service.json 1`] = ` +{ + "service": { + "oauth-oidc": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "allowUnauthorisedAccessToUserCodeForm": false, + "blacklistCacheSize": 10000, + "blacklistPollInterval": 60, + "blacklistPurgeDelay": 1, + "defaults": { + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + "urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + 
"nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + 
"claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", 
+ "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + 
"A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + 
"authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + }, + }, + "jwtTokenLifetimeValidationEnabled": true, + "jwtTokenRequiredClaims": [], + "jwtTokenUnreasonableLifetime": 86400, + "location": "global", + "nextDescendents": [], + "statelessGrantTokenUpgradeCompatibilityMode": false, + "storageScheme": "CTS_ONE_TO_ONE_MODEL", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/pingOneWorkerService.service.json 1`] = ` +{ + "service": { + "pingOneWorkerService": { + "_id": "", + "_type": { + "_id": "pingOneWorkerService", + "collection": false, + "name": "PingOne Worker Service", + }, + "defaults": { + "enabled": true, + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into 
separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/platform.service.json 1`] = ` +{ + "service": { + "platform": { + "_id": "", + "_type": { + "_id": "platform", + "collection": false, + "name": "Platform", + }, + "cookieDomains": [], + "locale": "en_US", + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/policyconfiguration.service.json 1`] = ` +{ + "service": { + "policyconfiguration": { + "_id": "", + "_type": { + "_id": "policyconfiguration", + "collection": false, + "name": "Policy Configuration", + }, + "continueEvaluationOnDeny": false, + "defaults": { + "bindDn": "cn=Directory Manager", + "checkIfResourceTypeExists": true, + "connectionPoolMaximumSize": 10, + "connectionPoolMinimumSize": 1, + "ldapServer": [ + "localhost:50636", + ], + "maximumSearchResults": 100, + "mtlsEnabled": false, + "policyHeartbeatInterval": 10, + "policyHeartbeatTimeUnit": "SECONDS", + "realmSearchFilter": "(objectclass=sunismanagedorganization)", + "searchTimeout": 5, + "sslEnabled": true, + "subjectsResultTTL": 10, + "userAliasEnabled": false, + "usersBaseDn": "dc=openam,dc=forgerock,dc=org", + "usersSearchAttribute": "uid", + "usersSearchFilter": "(objectclass=inetorgperson)", + "usersSearchScope": "SCOPE_SUB", + }, + "location": "global", + "nextDescendents": [], + "realmAliasReferrals": false, + "resourceComparators": [ + 
"serviceType=iPlanetAMWebAgentService|class=com.sun.identity.policy.plugins.HttpURLResourceName|wildcard=*|oneLevelWildcard=-*-|delimiter=/|caseSensitive=false", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/pushNotification.service.json 1`] = ` +{ + "service": { + "pushNotification": { + "_id": "", + "_type": { + "_id": "pushNotification", + "collection": false, + "name": "Push Notification Service", + }, + "defaults": { + "delegateFactory": "org.forgerock.openam.services.push.sns.SnsHttpDelegateFactory", + "mdCacheSize": 10000, + "mdConcurrency": 16, + "mdDuration": 120, + "region": "us-east-1", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/rest.service.json 1`] = ` +{ + "service": { + "rest": { + "_id": "", + "_type": { + "_id": "rest", + "collection": false, + "name": "REST APIs", + }, + "csrfFilterEnabled": true, + "defaultProtocolVersion": "Latest", + "defaultVersion": "Latest", + "descriptionsState": "STATIC", + "location": "global", + "nextDescendents": [], + "warningHeader": true, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate 
--no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/saml2.service.json 1`] = ` +{ + "service": { + "saml2": { + "_id": "", + "_type": { + "_id": "saml2", + "collection": false, + "name": "SAML v2.0 Service Configuration", + }, + "bufferLength": 2048, + "caCertValidation": false, + "cacheCleanupInterval": 600, + "encryptedKeyInKeyInfo": true, + "idpDiscoveryCookieType": "PERSISTENT", + "idpDiscoveryUrlSchema": "HTTPS", + "location": "global", + "nameIDInfoAttribute": "sun-fm-saml2-nameid-info", + "nameIDInfoKeyAttribute": "sun-fm-saml2-nameid-infokey", + "nextDescendents": [], + "signingCertValidation": false, + "xmlEncryptionClass": "com.sun.identity.saml2.xmlenc.FMEncProvider", + "xmlSigningClass": "com.sun.identity.saml2.xmlsig.FMSigProvider", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/security.service.json 1`] = ` +{ + "service": { + "security": { + "_id": "", + "_type": { + "_id": "security", + "collection": false, + "name": "Legacy User Self Service", + }, + "defaults": { + "confirmationIdHmacKey": "YcGfeuzSM14OG5djEcxEnvPydX28nsuxAZyDX1VA8iY=", + "forgotPasswordConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "forgotPasswordEnabled": false, + "forgotPasswordTokenLifetime": 900, + 
"protectedUserAttributes": [], + "selfRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/confirm.html", + "selfRegistrationEnabled": false, + "selfRegistrationTokenLifetime": 900, + "selfServiceEnabled": false, + "userRegisteredDestination": "default", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/selfService.service.json 1`] = ` +{ + "service": { + "selfService": { + "_id": "", + "_type": { + "_id": "selfService", + "collection": false, + "name": "User Self-Service", + }, + "defaults": { + "advancedConfig": { + "forgottenPasswordConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#passwordReset/", + "forgottenPasswordServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenPasswordConfigProvider", + "forgottenUsernameServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.ForgottenUsernameConfigProvider", + "userRegistrationConfirmationUrl": "http://localhost:8080/am/XUI/?realm=\${realm}#register/", + "userRegistrationServiceConfigClass": "org.forgerock.openam.selfservice.config.flows.UserRegistrationConfigProvider", + }, + "forgottenPassword": { + "forgottenPasswordCaptchaEnabled": false, + "forgottenPasswordEmailBody": [ + "en|

Click on this link to reset your password.

", + ], + "forgottenPasswordEmailSubject": [ + "en|Forgotten password email", + ], + "forgottenPasswordEmailVerificationEnabled": true, + "forgottenPasswordEnabled": false, + "forgottenPasswordKbaEnabled": false, + "forgottenPasswordTokenPaddingLength": 450, + "forgottenPasswordTokenTTL": 300, + "numberOfAllowedAttempts": 1, + "numberOfAttemptsEnforced": false, + }, + "forgottenUsername": { + "forgottenUsernameCaptchaEnabled": false, + "forgottenUsernameEmailBody": [ + "en|

Your username is %username%.

", + ], + "forgottenUsernameEmailSubject": [ + "en|Forgotten username email", + ], + "forgottenUsernameEmailUsernameEnabled": true, + "forgottenUsernameEnabled": false, + "forgottenUsernameKbaEnabled": false, + "forgottenUsernameShowUsernameEnabled": false, + "forgottenUsernameTokenTTL": 300, + }, + "generalConfig": { + "captchaVerificationUrl": "https://www.google.com/recaptcha/api/siteverify", + "kbaQuestions": [ + "4|en|What is your mother's maiden name?", + "3|en|What was the name of your childhood pet?", + "2|en|What was the model of your first car?", + "1|en|What is the name of your favourite restaurant?", + ], + "minimumAnswersToDefine": 1, + "minimumAnswersToVerify": 1, + "validQueryAttributes": [ + "uid", + "mail", + "givenName", + "sn", + ], + }, + "profileManagement": { + "profileAttributeWhitelist": [ + "uid", + "telephoneNumber", + "mail", + "kbaInfo", + "givenName", + "sn", + "cn", + ], + "profileProtectedUserAttributes": [ + "telephoneNumber", + "mail", + ], + }, + "userRegistration": { + "userRegisteredDestination": "default", + "userRegistrationCaptchaEnabled": false, + "userRegistrationEmailBody": [ + "en|

Click on this link to register.

", + ], + "userRegistrationEmailSubject": [ + "en|Registration email", + ], + "userRegistrationEmailVerificationEnabled": true, + "userRegistrationEmailVerificationFirstEnabled": false, + "userRegistrationEnabled": false, + "userRegistrationKbaEnabled": false, + "userRegistrationTokenTTL": 300, + "userRegistrationValidUserAttributes": [ + "userPassword", + "mail", + "givenName", + "kbaInfo", + "inetUserStatus", + "sn", + "username", + ], + }, + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/selfServiceTrees.service.json 1`] = ` +{ + "service": { + "selfServiceTrees": { + "_id": "", + "_type": { + "_id": "selfServiceTrees", + "collection": false, + "name": "Self Service Trees", + }, + "defaults": { + "enabled": true, + "treeMapping": {}, + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/session.service.json 1`] = ` +{ + "service": { + "session": { + "_id": "", + "_type": { + "_id": "session", + "collection": false, + "name": "Session", + }, + "dynamic": { + "maxCachingTime": 3, + "maxIdleTime": 30, + "maxSessionTime": 120, + 
"quotaLimit": 5, + }, + "general": { + "crossUpgradeReferenceFlag": false, + "dnRestrictionOnly": false, + "latestAccessTimeUpdateFrequency": 60, + "timeoutHandlers": [], + }, + "location": "global", + "nextDescendents": [], + "notifications": { + "notificationPropertyList": [], + "propertyChangeNotifications": "OFF", + }, + "quotas": { + "behaviourWhenQuotaExhausted": "org.forgerock.openam.session.service.DestroyNextExpiringAction", + "denyLoginWhenRepoDown": "NO", + "iplanet-am-session-enable-session-constraint": "OFF", + "quotaConstraintMaxWaitTime": 6000, + }, + "search": { + "maxSessionListSize": 120, + "sessionListRetrievalTimeout": 5, + }, + "stateless": { + "openam-session-stateless-blacklist-cache-size": 10000, + "openam-session-stateless-blacklist-poll-interval": 60, + "openam-session-stateless-blacklist-purge-delay": 1, + "openam-session-stateless-enable-session-blacklisting": false, + "openam-session-stateless-logout-poll-interval": 60, + "statelessCompressionType": "NONE", + "statelessEncryptionAesKey": null, + "statelessEncryptionType": "DIRECT", + "statelessLogoutByUser": false, + "statelessSigningHmacSecret": null, + "statelessSigningType": "HS256", + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/socialauthentication.service.json 1`] = ` +{ + "service": { + "socialauthentication": { + "_id": "", + "_type": { + "_id": "socialauthentication", + "collection": false, + "name": "Social Authentication Implementations", + }, + "defaults": { + "authenticationChains": {}, + "displayNames": {}, + "enabledKeys": [], + "icons": {}, + }, + 
"location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/transaction.service.json 1`] = ` +{ + "service": { + "transaction": { + "_id": "", + "_type": { + "_id": "transaction", + "collection": false, + "name": "Transaction Authentication Service", + }, + "defaults": { + "timeToLive": "180", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/uma.service.json 1`] = ` +{ + "service": { + "uma": { + "_id": "", + "_type": { + "_id": "uma", + "collection": false, + "name": "UMA Provider", + }, + "defaults": { + "claimsGathering": { + "claimsGatheringService": "[Empty]", + "interactiveClaimsGatheringEnabled": false, + "pctLifetime": 604800, + }, + "generalSettings": { + "deletePoliciesOnDeleteRS": true, + "deleteResourceSetsOnDeleteRS": true, + "emailRequestingPartyOnPendingRequestApproval": true, + "emailResourceOwnerOnPendingRequestCreation": true, + "grantResourceOwnerImplicitConsent": true, + "grantRptConditions": [ + "REQUEST_PARTIAL", + "REQUEST_NONE", + "TICKET_PARTIAL", + ], + "pendingRequestsEnabled": true, + "permissionTicketLifetime": 120, + 
"resharingMode": "IMPLICIT", + "userProfileLocaleAttribute": "inetOrgPerson", + }, + }, + "location": "global", + "nextDescendents": [], + "umaPolicyUpgradeCompatibilityMode": false, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/user.service.json 1`] = ` +{ + "service": { + "user": { + "_id": "", + "_type": { + "_id": "user", + "collection": false, + "name": "User", + }, + "dynamic": { + "defaultUserStatus": "Active", + }, + "location": "global", + "nextDescendents": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/service/validation.service.json 1`] = ` +{ + "service": { + "validation": { + "_id": "", + "_type": { + "_id": "validation", + "collection": false, + "name": "Validation Service", + }, + "defaults": { + "validGotoDestinations": [], + }, + "location": "global", + "nextDescendents": [], + "validGotoDestinations": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory 
exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/site/testsite.site.json 1`] = ` +{ + "site": { + "testsite": { + "_id": "testsite", + "secondaryURLs": [], + "servers": [ + { + "id": "03", + "url": "http://localhost:8081/am", + }, + ], + "url": "http://testurl.com:8080", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/global/webhookService/webhooks.webhookService.json 1`] = ` +{ + "webhookService": { + "webhooks": { + "_id": "", + "_type": { + "_id": "webhooks", + "collection": false, + "name": "Webhook Service", + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agent/Test-IG.agent.json 1`] = ` +{ + "agent": { + "Test IG": { + "_id": "Test IG", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "None", + "secretLabelIdentifier": null, + "status": "Active", + "userpassword": null, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default 
--directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agent/Test-SOAP-STS.agent.json 1`] = ` +{ + "agent": { + "Test SOAP STS": { + "_id": "Test SOAP STS", + "_type": { + "_id": "SoapSTSAgent", + "collection": true, + "name": "SOAP STS Agents", + }, + "agentgroup": null, + "publishServicePollInterval": 300, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agent/Test-Web.agent.json 1`] = ` +{ + "agent": { + "Test Web": { + "_id": "Test Web", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + 
"http://testurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testurl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": 
null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "secretLabelIdentifier": null, + "ssoOnlyMode": false, + "status": "Active", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agent/my-policy-agent.agent.json 1`] = ` +{ + "agent": { + "my-policy-agent": { + "_id": "my-policy-agent", + "_type": { + "_id": "2.2_Agent", + "collection": true, + "name": "Policy Agents", + 
}, + "cdssoRootUrl": [], + "description": null, + "status": "Active", + "userpassword": null, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agent/test.agent.json 1`] = ` +{ + "agent": { + "test": { + "_id": "test", + "_type": { + "_id": "RemoteConsentAgent", + "collection": true, + "name": "OAuth2 Remote Consent Service", + }, + "agentgroup": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "remoteConsentRedirectUrl": null, + "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentRequestEncryptionEnabled": true, + "remoteConsentRequestEncryptionMethod": "A128GCM", + "remoteConsentRequestSigningAlgorithm": "RS256", + "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentResponseEncryptionMethod": "A128GCM", + "remoteConsentResponseSigningAlg": "RS256", + "requestTimeLimit": 180, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agent/test-java.agent.json 1`] = ` +{ + "agent": { + "test java": { + "_id": "test java", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + 
"advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + "urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, 
+ "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": "Test Java Group", + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/", + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + 
"redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "secretLabelIdentifier": null, + "status": "Active", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "userpassword": null, + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/test/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http", + }, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": "/test/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, 
+ "setCookieInternalMap": {}, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agent/test-software-publisher.agent.json 1`] = ` +{ + "agent": { + "test software publisher": { + "_id": "test software publisher", + "_type": { + "_id": "SoftwarePublisher", + "collection": true, + "name": "OAuth2 Software Publisher", + }, + "agentgroup": null, + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "softwareStatementSigningAlgorithm": "RS256", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agentGroup/Oauth2-group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "Oauth2 group": { + "_id": "Oauth2 group", + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + 
"require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null, + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [], + "status": "Active", + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [], + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": 
"RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agentGroup/Remote-consent-group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "Remote consent group": { + "_id": "Remote consent group", + "_type": { + "_id": "RemoteConsentAgent", + "collection": true, + "name": "OAuth2 Remote Consent Service", + }, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "remoteConsentRedirectUrl": null, + "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentRequestEncryptionEnabled": true, + "remoteConsentRequestEncryptionMethod": "A128GCM", + "remoteConsentRequestSigningAlgorithm": "RS256", + "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentResponseEncryptionMethod": "A128GCM", + "remoteConsentResponseSigningAlg": "RS256", + "requestTimeLimit": 180, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default 
scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agentGroup/Software-publisher-group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "Software publisher group": { + "_id": "Software publisher group", + "_type": { + "_id": "SoftwarePublisher", + "collection": true, + "name": "OAuth2 Software Publisher", + }, + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "softwareStatementSigningAlgorithm": "RS256", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agentGroup/Test-IG-Group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "Test IG Group": { + "_id": "Test IG Group", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents", + }, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "None", + "status": "Active", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agentGroup/Test-Java-Group.agentGroup.json 1`] = ` +{ + 
"agentGroup": { + "Test Java Group": { + "_id": "Test Java Group", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents", + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "", + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "", + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {}, + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "", + ], + "conditionalLogoutUrl": [ + "", + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "", + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "", + ], + "urlPolicyEnvJsessionParameters": [ + "", + ], + 
"urlPolicyEnvPostParameters": [ + "", + ], + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF", + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "", + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL", + }, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + 
"preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "status": "Active", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "", + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": null, + "legacyUserAgentList": [ + "Mozilla/4.7*", + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": {}, + "unwantedHttpUrlParams": [ + "", + ], + "unwantedHttpUrlRegexParams": [ + "", + ], + "wantedHttpUrlParams": [ + "", + ], + "wantedHttpUrlRegexParams": [ + "", + ], + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "", + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "", + ], + "cdssoRedirectUri": null, + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "", + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {}, + }, + }, + }, +} +`; + +exports[`frodo 
config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agentGroup/Test-SOAP-STS-group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "Test SOAP STS group": { + "_id": "Test SOAP STS group", + "_type": { + "_id": "SoapSTSAgent", + "collection": true, + "name": "SOAP STS Agents", + }, + "publishServicePollInterval": 300, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agentGroup/Test-Web-Group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "Test Web Group": { + "_id": "Test Web Group", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": 
false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testurl.com:8080/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + 
"jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Active", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agentGroup/Trusted-JWT-group.agentGroup.json 1`] = ` +{ + "agentGroup": { + "Trusted JWT group": { + "_id": "Trusted JWT group", + "_type": { + "_id": "TrustedJwtIssuer", + "collection": true, + "name": "OAuth2 Trusted JWT Issuer", + }, + "allowedSubjects": [], + 
"consentedScopesClaim": "scope", + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "resourceOwnerIdentityClaim": "sub", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/agentGroup/testwebgroup.agentGroup.json 1`] = ` +{ + "agentGroup": { + "testwebgroup": { + "_id": "testwebgroup", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents", + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "", + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false, + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://test.com:8080/cool/UI/Logout", + ], + "applicationLogoutUrls": [ + "", + ], + "conditionalLoginUrl": [ + "", + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "", + ], + "logoutUrlRegex": null, + 
"policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "", + ], + "regexConditionalLoginUrl": [ + "", + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session", + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "", + ], + "notEnforcedIpsList": [ + "", + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "", + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {}, + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Active", + "webSocketConnectionIntervalInMinutes": 30, + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + 
"encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "", + ], + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "", + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "", + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/authentication/root.authentication.settings.json 1`] = ` +{ + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core", + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true, + }, + "core": { + "adminAuthModule": "ldapService", + "orgConfig": "ldapService", + }, + "general": { + "defaultAuthLevel": 0, + "identityType": [ + "agent", + "user", + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [], + }, + "postauthprocess": { + 
"loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/am/console", + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true, + }, + "security": { + "addClearSiteDataHeader": true, + "moduleBasedAuthEnabled": true, + "sharedSecret": null, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [], + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 5, + }, + "userprofile": { + "aliasAttributeName": [ + "uid", + ], + "defaultRole": [], + "dynamicProfileCreation": "false", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/authenticationChains/amsterService.authenticationChains.json 1`] = ` +{ + "authenticationChains": { + "amsterService": { + "_id": "amsterService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "Amster", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export 
everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/authenticationChains/ldapService.authenticationChains.json 1`] = ` +{ + "authenticationChains": { + "ldapService": { + "_id": "ldapService", + "_type": { + "_id": "EMPTY", + "collection": true, + "name": "Authentication Configuration", + }, + "authChainConfiguration": [ + { + "criteria": "REQUIRED", + "module": "DataStore", + "options": {}, + }, + ], + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/cot/Test-COT.cot.saml.json 1`] = ` +{ + "saml": { + "cot": { + "Test COT": { + "_id": "Test COT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust", + }, + "status": "active", + "trustedProviders": [], + }, + }, + "hosted": {}, + "metadata": {}, + "remote": {}, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/idp/Google-Test.idp.json 1`] = ` +{ + "idp": { + "Google Test": { + "_id": "Google Test", + "_type": { + 
"_id": "googleConfig", + "collection": true, + "name": "Client configuration for Google.", + }, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "test", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://accounts.google.com", + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://testurl.com", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email", + ], + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "transform": "58d29080-4563-480b-89bb-1e7719776a21", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; color: #757575; border-color: #ddd;", + "buttonCustomStyleHover": "color: #6d6d6d; background-color: #eee; border-color: #ccc;", + "buttonDisplayName": "Google", + "buttonImage": "images/g-logo.png", + "iconBackground": "#4184f3", + "iconClass": "fa-google", + "iconFontColor": "white", + }, + "useCustomTrustStore": false, + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://accounts.google.com/.well-known/openid-configuration", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate 
mappings, and using string arrays: exportAllTestDir8/realm/root/journey/Agent.journey.json 1`] = ` +{ + "trees": { + "Agent": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "_id": "a87ff679-a2f3-371d-9181-a67b7542122c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AgentDataStoreDecisionNode", + "collection": true, + "name": "Agent Data Store Decision", + }, + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "_id": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Agent", + "description": "null", + "enabled": true, + "entryNodeId": "e4da3b7f-bbce-3345-9777-2b0674a318d5", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "a87ff679-a2f3-371d-9181-a67b7542122c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Agent Data Store Decision", + "nodeType": "AgentDataStoreDecisionNode", + }, + "e4da3b7f-bbce-3345-9777-2b0674a318d5": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "a87ff679-a2f3-371d-9181-a67b7542122c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata 
--default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/Example.journey.json 1`] = ` +{ + "trees": { + "Example": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "_id": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "_id": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "_id": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "_id": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "_outcomes": [ + { + "displayName": "Has Credentials", + "id": "true", + }, + { + "displayName": "No Credentials", + "id": "false", + }, + ], + "_type": { + "_id": "ZeroPageLoginNode", + "collection": true, + "name": "Zero Page Login Collector", + }, + "allowWithoutReferer": true, + "passwordHeader": "X-OpenAM-Password", + "referrerWhiteList": [], + "usernameHeader": "X-OpenAM-Username", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + 
"tree": { + "_id": "Example", + "description": "null", + "enabled": true, + "entryNodeId": "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "c4ca4238-a0b9-3382-8dcc-509a6f75849b": { + "connections": { + "outcome": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c81e728d-9d4c-3f63-af06-7f89cc14862c": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "cfcd2084-95d5-35ef-a6e7-dff9f98764da": { + "connections": { + "outcome": "c4ca4238-a0b9-3382-8dcc-509a6f75849b", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "eccbc87e-4b5c-32fe-a830-8fd9f2a7baf3": { + "connections": { + "false": "cfcd2084-95d5-35ef-a6e7-dff9f98764da", + "true": "c81e728d-9d4c-3f63-af06-7f89cc14862c", + }, + "displayName": "Zero Page Login Collector", + "nodeType": "ZeroPageLoginNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/Facebook-ProvisionIDMAccount.journey.json 1`] = ` +{ + "trees": { + "Facebook-ProvisionIDMAccount": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "_id": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, 
+ { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialFacebookNode", + "collection": true, + "name": "Social Facebook", + }, + "authenticationIdKey": "id", + "authorizeEndpoint": "https://www.facebook.com/dialog/oauth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|facebook-", + "cfgAccountMapperConfiguration": { + "id": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|facebook-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "first_name": "givenName", + "id": "iplanet-am-user-alias-list", + "last_name": "sn", + "name": "cn", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "facebook", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "public_profile,email", + "tokenEndpoint": "https://graph.facebook.com/v2.12/oauth/access_token", + "userInfoEndpoint": "https://graph.facebook.com/v2.6/me?fields=name%2Cemail%2Cfirst_name%2Clast_name", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "_id": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionIdmAccountNode", + "collection": true, + "name": "Provision IDM Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Facebook-ProvisionIDMAccount", + "description": "null", + "enabled": true, + "entryNodeId": "37693cfc-7480-39e4-9d87-b8c7d8b9aacd", + 
"identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "37693cfc-7480-39e4-9d87-b8c7d8b9aacd": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "b6d767d2-f8ed-3d21-a44b-0e5886680cb9", + }, + "displayName": "Facebook Social Authentication", + "nodeType": "SocialFacebookNode", + }, + "b6d767d2-f8ed-3d21-a44b-0e5886680cb9": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision IDM Account", + "nodeType": "ProvisionIdmAccountNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/Google-AnonymousUser.journey.json 1`] = ` +{ + "trees": { + "Google-AnonymousUser": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "_id": "1ff1de77-4005-38da-93f4-2943881c655f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetSuccessUrlNode", + "collection": true, + "name": "Success URL", + }, + "successUrl": "https://www.forgerock.com/", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "_id": "4e732ced-3463-306d-a0ca-9a15b6153677", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": 
"https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "_id": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AnonymousUserNode", + "collection": true, + "name": "Anonymous User Mapping", + }, + "anonymousUserName": "anonymous", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-AnonymousUser", + "description": "null", + "enabled": true, + "entryNodeId": "4e732ced-3463-306d-a0ca-9a15b6153677", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1ff1de77-4005-38da-93f4-2943881c655f": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Success URL", + "nodeType": "SetSuccessUrlNode", + }, + "4e732ced-3463-306d-a0ca-9a15b6153677": { + "connections": { + "ACCOUNT_EXISTS": 
"70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "8e296a06-7a37-3633-b0de-d05f5a3bf3ec", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + }, + "8e296a06-7a37-3633-b0de-d05f5a3bf3ec": { + "connections": { + "outcome": "1ff1de77-4005-38da-93f4-2943881c655f", + }, + "displayName": "Map to Anonymous User", + "nodeType": "AnonymousUserNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/Google-DynamicAccountCreation.journey.json 1`] = ` +{ + "trees": { + "Google-DynamicAccountCreation": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "_id": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ProvisionDynamicAccountNode", + "collection": true, + "name": "Provision Dynamic Account", + }, + "accountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "_id": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "CreatePasswordNode", + "collection": true, + "name": "Create Password", + }, + "minPasswordLength": 0, + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "_id": "33e75ff0-9dd6-31bb-a69f-351039152189", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS", + }, + { + 
"displayName": "No account exists", + "id": "NO_ACCOUNT", + }, + ], + "_type": { + "_id": "SocialGoogleNode", + "collection": true, + "name": "Social Google", + }, + "authenticationIdKey": "sub", + "authorizeEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "basicAuth": true, + "cfgAccountMapperClass": "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|*|google-", + "cfgAccountMapperConfiguration": { + "sub": "iplanet-am-user-alias-list", + }, + "cfgAccountProviderClass": "org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider", + "cfgAttributeMappingClasses": [ + "org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper|iplanet-am-user-alias-list|google-", + ], + "cfgAttributeMappingConfiguration": { + "email": "mail", + "family_name": "sn", + "given_name": "givenName", + "name": "cn", + "sub": "iplanet-am-user-alias-list", + }, + "cfgMixUpMitigation": false, + "clientId": "aClientId", + "clientSecret": null, + "provider": "google", + "redirectURI": "http://localhost:8080/am", + "saveUserAttributesToSession": true, + "scopeString": "profile email", + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "_id": "34173cb3-8f07-389d-9beb-c2ac9128303f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "_id": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + "id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "_id": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "_id": "c16a5320-fa47-3530-9958-3c34fd356ef5", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Google-DynamicAccountCreation", + "description": "null", + "enabled": true, + "entryNodeId": "33e75ff0-9dd6-31bb-a69f-351039152189", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Provision Dynamic Account", + "nodeType": 
"ProvisionDynamicAccountNode", + }, + "182be0c5-cdcd-3072-bb18-64cdee4d3d6e": { + "connections": { + "outcome": "02e74f10-e032-3ad8-a8d1-38f2b4fdd6f0", + }, + "displayName": "Create Password", + "nodeType": "CreatePasswordNode", + }, + "33e75ff0-9dd6-31bb-a69f-351039152189": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b", + }, + "displayName": "Google Social Authentication", + "nodeType": "SocialGoogleNode", + }, + "34173cb3-8f07-389d-9beb-c2ac9128303f": { + "connections": { + "outcome": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + }, + "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01": { + "connections": { + "Reject": "e301438c-0bd0-429c-ab0c-66126501069a", + "Retry": "c16a5320-fa47-3530-9958-3c34fd356ef5", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + }, + "6ea9ab1b-aa0e-3b9e-9909-4440c317e21b": { + "connections": { + "outcome": "34173cb3-8f07-389d-9beb-c2ac9128303f", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + }, + "c16a5320-fa47-3530-9958-3c34fd356ef5": { + "connections": { + "false": "6364d3f0-f495-36ab-9dcf-8d3b5c6e0b01", + "true": "182be0c5-cdcd-3072-bb18-64cdee4d3d6e", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: 
exportAllTestDir8/realm/root/journey/HmacOneTimePassword.journey.json 1`] = ` +{ + "trees": { + "HmacOneTimePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "_id": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordGeneratorNode", + "collection": true, + "name": "HOTP Generator", + }, + "length": 8, + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "_id": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "OneTimePasswordCollectorDecisionNode", + "collection": true, + "name": "OTP Collector Decision", + }, + "passwordExpiryTime": 5, + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "_id": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "_id": "70efdf2e-c9b0-3607-9795-c442636b55fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "_id": "98f13708-2101-34c4-b568-7be6106a3b84", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "OneTimePasswordSmtpSenderNode", + "collection": true, + "name": "OTP Email Sender", + }, + "emailAttribute": "mail", + "emailContent": { + "en": "Here is your One Time Password: '{{OTP}}'.

If you did not request this, please contact support.", + }, + "emailSubject": { + "en": "Your One Time Password", + }, + "fromEmailAddress": "admin@example.com", + "hostName": "mail.example.com", + "hostPort": 25, + "password": null, + "smsGatewayImplementationClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "sslOption": "SSL", + "username": "admin@example.com", + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "_id": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "HmacOneTimePassword", + "description": "null", + "enabled": true, + "entryNodeId": "c74d97b0-1eae-357e-84aa-9d5bade97baf", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1f0e3dad-9990-3345-b743-9f8ffabdffc4": { + "connections": { + "outcome": "98f13708-2101-34c4-b568-7be6106a3b84", + }, + "displayName": "HOTP Generator", + "nodeType": "OneTimePasswordGeneratorNode", + }, + "3c59dc04-8e88-3024-bbe8-079a5c74d079": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "OTP Collector Decision", + "nodeType": "OneTimePasswordCollectorDecisionNode", + }, + "6f4922f4-5568-361a-8cdf-4ad2299f6d23": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "1f0e3dad-9990-3345-b743-9f8ffabdffc4", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "70efdf2e-c9b0-3607-9795-c442636b55fb": { + "connections": { + "outcome": "6f4922f4-5568-361a-8cdf-4ad2299f6d23", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "98f13708-2101-34c4-b568-7be6106a3b84": { + "connections": { + 
"outcome": "3c59dc04-8e88-3024-bbe8-079a5c74d079", + }, + "displayName": "OTP Email Sender", + "nodeType": "OneTimePasswordSmtpSenderNode", + }, + "c74d97b0-1eae-357e-84aa-9d5bade97baf": { + "connections": { + "outcome": "70efdf2e-c9b0-3607-9795-c442636b55fb", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/PersistentCookie.journey.json 1`] = ` +{ + "trees": { + "PersistentCookie": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "_id": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "_id": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SetPersistentCookieNode", + "collection": true, + "name": "Set Persistent Cookie", + }, + "hmacSigningKey": null, + "idleTimeout": 5, + "maxLife": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "_id": "aab32389-22bc-325a-af60-6eb525ffdc56", + 
"_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "PersistentCookieDecisionNode", + "collection": true, + "name": "Persistent Cookie Decision", + }, + "enforceClientIp": false, + "hmacSigningKey": null, + "idleTimeout": 5, + "persistentCookieName": "session-jwt", + "useHttpOnlyCookie": true, + "useSecureCookie": false, + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "_id": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "_id": "c51ce410-c124-310e-8db5-e4b97fc2af39", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PersistentCookie", + "description": "null", + "enabled": true, + "entryNodeId": "aab32389-22bc-325a-af60-6eb525ffdc56", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "6512bd43-d9ca-36e0-ac99-0b0a82652dca": { + "connections": { + "outcome": "c20ad4d7-6fe9-3759-aa27-a0c99bff6710", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Set Persistent Cookie", + "nodeType": "SetPersistentCookieNode", + }, + "aab32389-22bc-325a-af60-6eb525ffdc56": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Persistent Cookie Decision", + "nodeType": 
"PersistentCookieDecisionNode", + }, + "c20ad4d7-6fe9-3759-aa27-a0c99bff6710": { + "connections": { + "outcome": "c51ce410-c124-310e-8db5-e4b97fc2af39", + }, + "displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c51ce410-c124-310e-8db5-e4b97fc2af39": { + "connections": { + "false": "6512bd43-d9ca-36e0-ac99-0b0a82652dca", + "true": "9bf31c7f-f062-336a-96d3-c8bd1f8f2ff3", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/PlatformForgottenUsername.journey.json 1`] = ` +{ + "trees": { + "PlatformForgottenUsername": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "d82c8d16-19ad-3176-9665-453cfb2e55f0": { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "_id": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformLogin", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { 
+ "_id": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + }, + "emailTemplateName": "forgottenUsername", + "identityAttribute": "mail", + "objectLookup": true, + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "_id": "a684ecee-e76f-3522-b732-86a895bc8436", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "d82c8d16-19ad-3176-9665-453cfb2e55f0", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Forgotten Username", + }, + "stage": "null", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "_id": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identityAttribute": "mail", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformForgottenUsername", + "description": "Forgotten Username Tree", + "enabled": true, + "entryNodeId": "a684ecee-e76f-3522-b732-86a895bc8436", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "72b32a1f-754b-31c0-9b36-95e0cb6cde7f": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": 
"InnerTreeEvaluatorNode", + }, + "9f61408e-3afb-333e-90cd-f1b20de6f466": { + "connections": { + "outcome": "72b32a1f-754b-31c0-9b36-95e0cb6cde7f", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "a684ecee-e76f-3522-b732-86a895bc8436": { + "connections": { + "outcome": "b53b3a3d-6ab9-3ce0-a682-29151c9bde11", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "b53b3a3d-6ab9-3ce0-a682-29151c9bde11": { + "connections": { + "false": "9f61408e-3afb-333e-90cd-f1b20de6f466", + "true": "9f61408e-3afb-333e-90cd-f1b20de6f466", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/PlatformLogin.journey.json 1`] = ` +{ + "trees": { + "PlatformLogin": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "642e92ef-b794-3173-8881-b53e1e1b18b6": { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7": { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": 
false, + }, + }, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "_id": "2838023a-778d-3aec-9c21-2708f721b788", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "_id": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator", + }, + "tree": "PlatformProgressiveProfile", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "_id": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "_id": "f457c545-a9de-388f-98ec-ee47145a72c0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "67c6a1e7-ce56-33d6-ba74-8ab6d9af3fd7", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "642e92ef-b794-3173-8881-b53e1e1b18b6", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "New here? Create an account
Forgot username? Forgot password?", + }, + "pageHeader": { + "en": "Sign In", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformLogin", + "description": "Platform Login Tree", + "enabled": true, + "entryNodeId": "f457c545-a9de-388f-98ec-ee47145a72c0", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "2838023a-778d-3aec-9c21-2708f721b788": { + "connections": { + "outcome": "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + }, + "9a115815-4dfa-32ca-9dbd-0694a4e9bdc8": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + }, + "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "2838023a-778d-3aec-9c21-2708f721b788", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "f457c545-a9de-388f-98ec-ee47145a72c0": { + "connections": { + "outcome": "c0c7c76d-30bd-3dca-afc9-6f40275bdc0a", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/PlatformProgressiveProfile.journey.json 1`] = ` +{ + "trees": { + "PlatformProgressiveProfile": { + "circlesOfTrust": {}, + "emailTemplates": {}, + 
"innerNodes": { + "f7177163-c833-3ff4-b38f-c8d2872f1ec6": { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "preferences/updates", + "preferences/marketing", + ], + "identityAttribute": "userName", + "required": false, + "validateInputs": false, + }, + }, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "_id": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "QueryFilterDecisionNode", + "collection": true, + "name": "Query Filter Decision", + }, + "identityAttribute": "userName", + "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false", + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "_id": "6c8349cc-7260-3e62-a3b1-396831a8398f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "f7177163-c833-3ff4-b38f-c8d2872f1ec6", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": {}, + "pageHeader": { + "en": "Please select your preferences", + }, + "stage": "null", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "_id": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "LoginCountDecisionNode", + "collection": true, + "name": "Login Count Decision", + }, + "amount": 3, + "identityAttribute": "userName", + "interval": "AT", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "_id": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + "_outcomes": [ + { 
+ "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformProgressiveProfile", + "description": "Prompt for missing preferences on 3rd login", + "enabled": true, + "entryNodeId": "a1d0c6e8-3f02-3327-9846-1063f4ac58a6", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "17e62166-fc85-36df-a4d1-bc0e1742c08b": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "6c8349cc-7260-3e62-a3b1-396831a8398f", + }, + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", + }, + "6c8349cc-7260-3e62-a3b1-396831a8398f": { + "connections": { + "outcome": "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "a1d0c6e8-3f02-3327-9846-1063f4ac58a6": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "17e62166-fc85-36df-a4d1-bc0e1742c08b", + }, + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", + }, + "d9d4f495-e875-32e0-b5a1-a4a6e1b9770f": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory 
exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/PlatformRegistration.journey.json 1`] = ` +{ + "trees": { + "PlatformRegistration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "19ca14e7-ea63-38a4-ae0e-b13d585e4c22": { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates", + ], + "identityAttribute": "userName", + "required": true, + "validateInputs": true, + }, + "1c383cd3-0b7c-398a-b502-93adfecb7b18": { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa": { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions", + }, + }, + "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d": { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition", + }, + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question", + }, + }, + "e369853d-f766-3a44-a1ed-0ff613f563bd": { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": 
"ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": true, + }, + }, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "_id": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count", + }, + "identityAttribute": "userName", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "_id": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object", + }, + "identityResource": "managed/user", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "_id": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "e369853d-f766-3a44-a1ed-0ff613f563bd", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "19ca14e7-ea63-38a4-ae0e-b13d585e4c22", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + { + "_id": "1c383cd3-0b7c-398a-b502-93adfecb7b18", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + { + "_id": "a5bfc9e0-7964-38dd-9eb9-5fc584cd965d", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode", + }, + { + "_id": "a5771bce-93e2-30c3-af7c-d9dfd0e5deaa", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode", + }, + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account?Sign In", + }, + "pageHeader": { + "en": "Sign Up", + }, + "stage": "null", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformRegistration", + "description": "Platform Registration Tree", + "enabled": true, + "entryNodeId": "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "3416a75f-4cea-3109-907c-acd8e2f2aefc": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + }, + "d645920e-395f-3dad-bbbb-ed0eca3fe2e0": { + "connections": { + "CREATED": "3416a75f-4cea-3109-907c-acd8e2f2aefc", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + }, + "d67d8ab4-f4c1-3bf2-aaa3-53e27879133c": { + "connections": { + "outcome": "d645920e-395f-3dad-bbbb-ed0eca3fe2e0", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/PlatformResetPassword.journey.json 1`] = ` +{ + "trees": { + "PlatformResetPassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "44f683a8-4163-3352-bafe-57c2e008bc8c": { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": 
"Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + "66f041e1-6a60-328b-85a7-e228a89c3799": { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector", + }, + "attributesToCollect": [ + "mail", + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false, + }, + }, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "_id": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "44f683a8-4163-3352-bafe-57c2e008bc8c", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Change password", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "_id": "072b030b-a126-32f4-b237-4f342be9ed44", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User", + }, + "identifier": "userName", + "identityAttribute": "mail", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "_id": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "66f041e1-6a60-328b-85a7-e228a89c3799", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode", + }, + ], + "pageDescription": { + "en": "Enter your email address or Sign in", + }, + "pageHeader": { + "en": "Reset Password", + }, + "stage": "null", + 
}, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "_id": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed.", + }, + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true, + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "_id": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "mail", + "identityResource": "managed/user", + "ignoredFields": [], + "patchAsObject": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformResetPassword", + "description": "Reset Password Tree", + "enabled": true, + "entryNodeId": "093f65e0-80a2-35f8-876b-1c5722a46aa2", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "03afdbd6-6e79-39b1-a5f8-597834fa83a4": { + "connections": { + "outcome": "ea5d2f1c-4608-332e-87d3-aa3d998e5135", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "072b030b-a126-32f4-b237-4f342be9ed44": { + "connections": { + "false": "7f39f831-7fbd-3198-8ef4-c628eba02591", + "true": "7f39f831-7fbd-3198-8ef4-c628eba02591", + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + }, + "093f65e0-80a2-35f8-876b-1c5722a46aa2": { + "connections": { + "outcome": "072b030b-a126-32f4-b237-4f342be9ed44", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "7f39f831-7fbd-3198-8ef4-c628eba02591": { + "connections": { + 
"outcome": "03afdbd6-6e79-39b1-a5f8-597834fa83a4", + }, + "displayName": "Email Suspend", + "nodeType": "EmailSuspendNode", + }, + "ea5d2f1c-4608-332e-87d3-aa3d998e5135": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/PlatformUpdatePassword.journey.json 1`] = ` +{ + "trees": { + "PlatformUpdatePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "735b90b4-5681-35ed-ac3f-678819b6e058": { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + "7cbbc409-ec99-3f19-878c-75bd1e06f215": { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": true, + }, + }, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "_id": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": 
"DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "_id": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "AttributePresentDecisionNode", + "collection": true, + "name": "Attribute Present Decision", + }, + "identityAttribute": "userName", + "presentAttribute": "password", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "_id": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node", + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed.", + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true, + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "_id": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "735b90b4-5681-35ed-ac3f-678819b6e058", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter current password", + }, + "pageHeader": { + "en": "Verify Existing Password", + }, + "stage": "null", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "_id": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED", + }, + { + "displayName": "Failed", + "id": "FAILURE", + }, + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object", + }, + "identityAttribute": "userName", + 
"identityResource": "managed/user", + "ignoredFields": [ + "userName", + ], + "patchAsObject": true, + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "_id": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7cbbc409-ec99-3f19-878c-75bd1e06f215", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": { + "en": "Enter new password", + }, + "pageHeader": { + "en": "Update Password", + }, + "stage": "null", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "_id": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data", + }, + "sessionDataKey": "UserToken", + "sharedStateKey": "userName", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "PlatformUpdatePassword", + "description": "Update password using active session", + "enabled": true, + "entryNodeId": "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "14bfa6bb-1487-3e45-bba0-28a21ed38046": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1": { + "connections": { + "false": "32bb90e8-976a-3b52-98d5-da10fe66f21d", + "true": "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db", + }, + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", + }, + "32bb90e8-976a-3b52-98d5-da10fe66f21d": { + "connections": { + "outcome": "e2c420d9-28d4-3f8c-a0ff-2ec19b371514", + }, + "displayName": "Email 
Suspend", + "nodeType": "EmailSuspendNode", + }, + "a3f390d8-8e4c-31f2-b47b-fa2f1b5f87db": { + "connections": { + "outcome": "14bfa6bb-1487-3e45-bba0-28a21ed38046", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "d2ddea18-f006-35ce-8623-e36bd4e3c7c5": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + }, + "e2c420d9-28d4-3f8c-a0ff-2ec19b371514": { + "connections": { + "outcome": "d2ddea18-f006-35ce-8623-e36bd4e3c7c5", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "fc490ca4-5c00-3124-9bbe-3554a4fdf6fb": { + "connections": { + "outcome": "3295c76a-cbf4-3aae-933c-36b1b5fc2cb1", + }, + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/RetryLimit.journey.json 1`] = ` +{ + "trees": { + "RetryLimit": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "_id": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "UsernameCollectorNode", + "collection": true, + "name": "Username Collector", + }, + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "_id": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry", + }, + { + "displayName": "Reject", + 
"id": "Reject", + }, + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision", + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 3, + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "_id": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PasswordCollectorNode", + "collection": true, + "name": "Password Collector", + }, + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "_id": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "_id": "d3d94468-02a4-3259-b55d-38e6d163e820", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "AccountLockoutNode", + "collection": true, + "name": "Account Lockout", + }, + "lockAction": "LOCK", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "RetryLimit", + "description": "null", + "enabled": true, + "entryNodeId": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + "identityResource": "null", + "innerTreeOnly": false, + "nodes": { + "1679091c-5a88-3faf-afb5-e6087eb1b2dc": { + "connections": { + "outcome": "8f14e45f-ceea-367a-9a36-dedd4bea2543", + }, + "displayName": "User Name Collector", + "nodeType": "UsernameCollectorNode", + }, + "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26": { + "connections": { + "Reject": "d3d94468-02a4-3259-b55d-38e6d163e820", + "Retry": "1679091c-5a88-3faf-afb5-e6087eb1b2dc", + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + }, + "8f14e45f-ceea-367a-9a36-dedd4bea2543": { + "connections": { + "outcome": "c9f0f895-fb98-3b91-99f5-1fd0297e236d", + }, + 
"displayName": "Password Collector", + "nodeType": "PasswordCollectorNode", + }, + "c9f0f895-fb98-3b91-99f5-1fd0297e236d": { + "connections": { + "false": "45c48cce-2e2d-3fbd-aa1a-fc51c7c6ad26", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "d3d94468-02a4-3259-b55d-38e6d163e820": { + "connections": { + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", + }, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/oath_registration.journey.json 1`] = ` +{ + "trees": { + "oath_registration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c": { + "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f": { + "_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + }, + "nodes": { + "35ca2418-908d-4b92-9320-ef8576851abb": { + "_id": "35ca2418-908d-4b92-9320-ef8576851abb", + 
"_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { + "_id": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", + "_outcomes": [ + { + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", + }, + ], + "_type": { + "_id": "OathRegistrationNode", + "collection": true, + "name": "OATH Registration", + }, + "accountName": "USERNAME", + "addChecksum": false, + "algorithm": "TOTP", + "bgColor": "032b75", + "generateRecoveryCodes": true, + "issuer": "ForgeRock", + "minSharedSecretLength": 32, + "passwordLength": "SIX_DIGITS", + "postponeDeviceProfileStorage": false, + "scanQRCodeMessage": {}, + "totpHashAlgorithm": "HMAC_SHA1", + "totpTimeInterval": 30, + "truncationOffset": -1, + }, + "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { + "_id": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + "_outcomes": [ + { + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", + }, + { + "displayName": "Not registered", + "id": "notRegisteredOutcome", + }, + ], + "_type": { + "_id": "OathTokenVerifierNode", + "collection": true, + "name": "OATH Token Verifier", + }, + "algorithm": "TOTP", + "hotpWindowSize": 100, + "isRecoveryCodeAllowed": false, + "maximumAllowedClockDrift": 5, + "totpHashAlgorithm": "HMAC_SHA1", + "totpTimeInterval": 30, + "totpTimeSteps": 2, + }, + "fc5481db-cbee-479f-915a-2b40c54ce04e": { + "_id": "fc5481db-cbee-479f-915a-2b40c54ce04e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "7d7c8acb-e39b-466c-bbaf-cc70a3bf247c", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + 
"_id": "a2f9aa81-fdea-403d-bcc8-a5342cc5d34f", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "oath_registration", + "enabled": true, + "entryNodeId": "fc5481db-cbee-479f-915a-2b40c54ce04e", + "innerTreeOnly": false, + "nodes": { + "35ca2418-908d-4b92-9320-ef8576851abb": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "9bfb80e1-e05a-4b3c-90bd-7091c2839e28": { + "connections": { + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "successOutcome": "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6", + }, + "displayName": "OATH Registration", + "nodeType": "OathRegistrationNode", + }, + "ab49ab43-4d09-46f2-a9ba-7330a6a7dce6": { + "connections": { + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "notRegisteredOutcome": "9bfb80e1-e05a-4b3c-90bd-7091c2839e28", + "successOutcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "OATH Token Verifier", + "nodeType": "OathTokenVerifierNode", + }, + "fc5481db-cbee-479f-915a-2b40c54ce04e": { + "connections": { + "outcome": "35ca2418-908d-4b92-9320-ef8576851abb", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with 
scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/push_registration.journey.json 1`] = ` +{ + "trees": { + "push_registration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9": { + "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "7ab18633-6eb0-455d-97ff-40ff7db4862a": { + "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + }, + "nodes": { + "07bc635b-5a3f-461b-87ee-e76c9fa22738": { + "_id": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "1eb148f2-82e0-49c6-a330-e6a6d1a9eea9", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "7ab18633-6eb0-455d-97ff-40ff7db4862a", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, + }, + "0e161d10-c2d1-4196-8b41-59f80be4a587": { + "_id": "0e161d10-c2d1-4196-8b41-59f80be4a587", + "_outcomes": [ + { + "displayName": "True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { + "_id": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", 
+ "_outcomes": [ + { + "displayName": "Sent", + "id": "SENT", + }, + { + "displayName": "Not Registered", + "id": "NOT_REGISTERED", + }, + { + "displayName": "Skipped", + "id": "SKIPPED", + }, + ], + "_type": { + "_id": "PushAuthenticationSenderNode", + "collection": true, + "name": "Push Sender", + }, + "captureFailure": false, + "contextInfo": false, + "customPayload": [], + "mandatory": false, + "messageTimeout": 120000, + "pushType": "DEFAULT", + "userMessage": {}, + }, + "527e6b31-01db-409c-8f52-01a5b7f48737": { + "_id": "527e6b31-01db-409c-8f52-01a5b7f48737", + "_outcomes": [ + { + "displayName": "Success", + "id": "TRUE", + }, + { + "displayName": "Failure", + "id": "FALSE", + }, + { + "displayName": "Expired", + "id": "EXPIRED", + }, + { + "displayName": "Waiting", + "id": "WAITING", + }, + ], + "_type": { + "_id": "PushResultVerifierNode", + "collection": true, + "name": "Push Result Verifier Node", + }, + }, + "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { + "_id": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", + "_outcomes": [ + { + "displayName": "Success", + "id": "successOutcome", + }, + { + "displayName": "Failure", + "id": "failureOutcome", + }, + { + "displayName": "Time Out", + "id": "timeoutOutcome", + }, + ], + "_type": { + "_id": "PushRegistrationNode", + "collection": true, + "name": "Push Registration", + }, + "accountName": "USERNAME", + "bgColor": "032b75", + "generateRecoveryCodes": true, + "issuer": "ForgeRock", + "scanQRCodeMessage": {}, + "timeout": 60, + }, + "ccb48486-0d8e-475d-a002-29d0bfa1177a": { + "_id": "ccb48486-0d8e-475d-a002-29d0bfa1177a", + "_outcomes": [ + { + "displayName": "Done", + "id": "DONE", + }, + { + "displayName": "Exit", + "id": "EXITED", + }, + ], + "_type": { + "_id": "PushWaitNode", + "collection": true, + "name": "Push Wait Node", + }, + "challengeMessage": {}, + "exitMessage": {}, + "secondsToWait": 5, + "waitingMessage": {}, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": 
[], + "tree": { + "_id": "push_registration", + "enabled": true, + "entryNodeId": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + "innerTreeOnly": false, + "nodes": { + "07bc635b-5a3f-461b-87ee-e76c9fa22738": { + "connections": {}, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "0e161d10-c2d1-4196-8b41-59f80be4a587": { + "connections": { + "true": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + "1323d24e-b9f8-4396-a9ce-4550fe3ac84f": { + "connections": { + "NOT_REGISTERED": "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c", + "SENT": "ccb48486-0d8e-475d-a002-29d0bfa1177a", + "SKIPPED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + }, + "displayName": "Push Sender", + "nodeType": "PushAuthenticationSenderNode", + }, + "527e6b31-01db-409c-8f52-01a5b7f48737": { + "connections": { + "EXPIRED": "e301438c-0bd0-429c-ab0c-66126501069a", + "FALSE": "e301438c-0bd0-429c-ab0c-66126501069a", + "TRUE": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "WAITING": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "Push Result Verifier Node", + "nodeType": "PushResultVerifierNode", + }, + "c03b9d7b-3c91-4de4-9f6b-b9f7f7ce999c": { + "connections": { + "failureOutcome": "e301438c-0bd0-429c-ab0c-66126501069a", + "successOutcome": "1323d24e-b9f8-4396-a9ce-4550fe3ac84f", + "timeoutOutcome": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + }, + "displayName": "Push Registration", + "nodeType": "PushRegistrationNode", + }, + "ccb48486-0d8e-475d-a002-29d0bfa1177a": { + "connections": { + "DONE": "527e6b31-01db-409c-8f52-01a5b7f48737", + "EXITED": "07bc635b-5a3f-461b-87ee-e76c9fa22738", + }, + "displayName": "Push Wait Node", + "nodeType": "PushWaitNode", + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export 
--all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/six.journey.json 1`] = ` +{ + "trees": { + "six": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "295a70ba-2b67-4a48-bf13-237ce0a55450": { + "_id": "295a70ba-2b67-4a48-bf13-237ce0a55450", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "4a77788d-d443-4646-ac52-5cb9f2207a8a": { + "_id": "4a77788d-d443-4646-ac52-5cb9f2207a8a", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "5883ff1e-80dd-49f5-a609-120303e1b0cd": { + "_id": "5883ff1e-80dd-49f5-a609-120303e1b0cd", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "59129227-f192-4ff4-a7b4-bc7690b82d4f": { + "_id": "59129227-f192-4ff4-a7b4-bc7690b82d4f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { + "_id": "6a1aa88f-25f8-4d40-8008-bfc6684b2a58", + 
"_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { + "_id": "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "six", + "enabled": true, + "entryNodeId": "e301438c-0bd0-429c-ab0c-66126501069a", + "innerTreeOnly": false, + "nodes": { + "295a70ba-2b67-4a48-bf13-237ce0a55450": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + "4a77788d-d443-4646-ac52-5cb9f2207a8a": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + "5883ff1e-80dd-49f5-a609-120303e1b0cd": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + "59129227-f192-4ff4-a7b4-bc7690b82d4f": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + "6a1aa88f-25f8-4d40-8008-bfc6684b2a58": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + "8b1a8dc8-338f-46af-a4c5-6fe7cf6a2cf5": { + "connections": {}, + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default 
--directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/test.journey.json 1`] = ` +{ + "trees": { + "test": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": {}, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "test", + "enabled": true, + "entryNodeId": "d26176be-ea6f-4f2a-81cd-3d41dd6cee4d", + "innerTreeOnly": false, + "nodes": {}, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/journey/webauthn_registration.journey.json 1`] = ` +{ + "trees": { + "webauthn_registration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "08faa9c0-7c19-454a-a4e1-0692d94615f6": { + "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username", + }, + "usernameAttribute": "userName", + "validateInput": false, + }, + "3334a349-b2ea-42e0-86b8-9f6c39d43dad": { + "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", + "_outcomes": [ + { + 
"displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password", + }, + "passwordAttribute": "password", + "validateInput": false, + }, + }, + "nodes": { + "72ef6e1d-930c-4bed-922a-850815d98ea1": { + "_id": "72ef6e1d-930c-4bed-922a-850815d98ea1", + "_outcomes": [ + { + "displayName": "Unsupported", + "id": "unsupported", + }, + { + "displayName": "Success", + "id": "success", + }, + { + "displayName": "Failure", + "id": "failure", + }, + { + "displayName": "Client Error", + "id": "error", + }, + ], + "_type": { + "_id": "WebAuthnRegistrationNode", + "collection": true, + "name": "WebAuthn Registration Node", + }, + "acceptedSigningAlgorithms": [ + "ES256", + "RS256", + ], + "asScript": true, + "attestationPreference": "NONE", + "authenticatorAttachment": "UNSPECIFIED", + "enforceRevocationCheck": false, + "excludeCredentials": false, + "generateRecoveryCodes": true, + "maxSavedDevices": 0, + "origins": [], + "postponeDeviceProfileStorage": false, + "relyingPartyName": "ForgeRock", + "requiresResidentKey": false, + "storeAttestationDataInTransientState": false, + "timeout": 60, + "trustStoreAlias": "trustalias", + "userVerificationRequirement": "PREFERRED", + }, + "807106ff-fb66-469e-93bb-4e0834f6c875": { + "_id": "807106ff-fb66-469e-93bb-4e0834f6c875", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome", + }, + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node", + }, + "nodes": [ + { + "_id": "08faa9c0-7c19-454a-a4e1-0692d94615f6", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode", + }, + { + "_id": "3334a349-b2ea-42e0-86b8-9f6c39d43dad", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode", + }, + ], + "pageDescription": {}, + "pageHeader": {}, + }, + "878eb28e-41b2-4bd7-9256-80ed427bd168": { + "_id": "878eb28e-41b2-4bd7-9256-80ed427bd168", + "_outcomes": [ + { + "displayName": 
"True", + "id": "true", + }, + { + "displayName": "False", + "id": "false", + }, + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision", + }, + }, + "9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { + "_id": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + "_outcomes": [ + { + "displayName": "Unsupported", + "id": "unsupported", + }, + { + "displayName": "No Device Registered", + "id": "noDevice", + }, + { + "displayName": "Success", + "id": "success", + }, + { + "displayName": "Failure", + "id": "failure", + }, + { + "displayName": "Client Error", + "id": "error", + }, + ], + "_type": { + "_id": "WebAuthnAuthenticationNode", + "collection": true, + "name": "WebAuthn Authentication Node", + }, + "asScript": true, + "isRecoveryCodeAllowed": false, + "origins": [], + "requiresResidentKey": false, + "timeout": 60, + "userVerificationRequirement": "PREFERRED", + }, + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "webauthn_registration", + "enabled": true, + "entryNodeId": "807106ff-fb66-469e-93bb-4e0834f6c875", + "innerTreeOnly": false, + "nodes": { + "72ef6e1d-930c-4bed-922a-850815d98ea1": { + "connections": { + "error": "e301438c-0bd0-429c-ab0c-66126501069a", + "failure": "e301438c-0bd0-429c-ab0c-66126501069a", + "success": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "WebAuthn Registration Node", + "nodeType": "WebAuthnRegistrationNode", + }, + "807106ff-fb66-469e-93bb-4e0834f6c875": { + "connections": { + "outcome": "878eb28e-41b2-4bd7-9256-80ed427bd168", + }, + "displayName": "Page Node", + "nodeType": "PageNode", + }, + "878eb28e-41b2-4bd7-9256-80ed427bd168": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "9fce34fc-03f1-4fb1-8ce5-1feff34a403c", + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + }, + 
"9fce34fc-03f1-4fb1-8ce5-1feff34a403c": { + "connections": { + "error": "e301438c-0bd0-429c-ab0c-66126501069a", + "failure": "e301438c-0bd0-429c-ab0c-66126501069a", + "noDevice": "72ef6e1d-930c-4bed-922a-850815d98ea1", + "success": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "unsupported": "e301438c-0bd0-429c-ab0c-66126501069a", + }, + "displayName": "WebAuthn Authentication Node", + "nodeType": "WebAuthnAuthenticationNode", + }, + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": {}, + "e301438c-0bd0-429c-ab0c-66126501069a": {}, + "startNode": {}, + }, + "uiConfig": {}, + }, + "variable": {}, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/oauth2.app/test-client.oauth2.app.json 1`] = ` +{ + "application": { + "test client": { + "_id": "test client", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider", + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": false, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid", + ], + "codeVerifierEnforced": "false", + "defaultScopes": [], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:token-exchange", + 
"urn:ietf:params:oauth:grant-type:jwt-bearer", + ], + "hashSalt": "changeme", + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "[Empty]", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + ], + "supportedScopes": [], + "supportedSubjectTypes": [ + "public", + "pairwise", + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger", + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + 
"urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator", + ], + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": false, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + 
"ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false, + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256", + ], + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris", + ], + }, + "consent": { + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + 
"supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "usePolicyEngineForScope": false, + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": false, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW", + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512", + ], + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8, + }, + 
"pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.oauth2.core.plugins.registry.DefaultAccessTokenEnricher", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "25e6c06d-cf70-473b-bd28-26931edc476b", + }, + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients", + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token", + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + 
"updateAccessToken": null, + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [], + "secretLabelIdentifier": null, + "status": "Active", + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [], + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [], + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + 
"validateScopeScript": "[Empty]", + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null, + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/policy/Test-Policy.policy.json 1`] = ` +{ + "policy": { + "Test Policy": { + "_id": "Test Policy", + "actionValues": {}, + "active": true, + "applicationName": "iPlanetAMWebAgentService", + "description": "", + "name": 
"Test Policy", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/*?*", + ], + "subject": { + "subjects": [ + { + "type": "NONE", + }, + { + "subjectValues": [ + "id=phales,ou=user,dc=openam,dc=forgerock,dc=org", + ], + "type": "Identity", + }, + ], + "type": "AND", + }, + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/policyset/iPlanetAMWebAgentService.policyset.json 1`] = ` +{ + "policyset": { + "iPlanetAMWebAgentService": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AND", + "OR", + "NOT", + "AMIdentityMembership", + "AuthLevel", + "LEAuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "OAuth2Scope", + "ResourceEnvIP", + "Session", + "SessionProperty", + "SimpleTime", + "Script", + "Transaction", + ], + "description": "The built-in Application used by OpenAM Policy Agents.", + "displayName": "Default Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "name": "iPlanetAMWebAgentService", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "OR", + "NOT", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export 
everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/policyset/oauth2Scopes.policyset.json 1`] = ` +{ + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AND", + "OR", + "NOT", + "AMIdentityMembership", + "AuthLevel", + "LEAuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "OAuth2Scope", + "ResourceEnvIP", + "Session", + "SessionProperty", + "SimpleTime", + "Script", + "Transaction", + ], + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "OR", + "NOT", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + ], + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/resourcetype/OAuth2-Scope.resourcetype.json 1`] = ` +{ + "resourcetype": { + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true, + }, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2 policy-provided scope.", + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*", + 
], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/resourcetype/URL.resourcetype.json 1`] = ` +{ + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true, + }, + "description": "The built-in URL Resource Type available to OpenAM Policies.", + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/saml/Test-Entity.saml.json 1`] = ` +{ + "saml": { + "cot": {}, + "hosted": { + "VGVzdCBFbnRpdHk": { + "_id": "VGVzdCBFbnRpdHk", + "entityId": "Test Entity", + "identityProvider": { + "advanced": { + "ecpConfiguration": { + "idpSessionMapper": "com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper", + }, + "idpAdapter": { + "idpAdapterScript": "[Empty]", + }, + "idpFinderImplementation": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "idpUrl": "http://localhost:8080/am/idpsaehandler/metaAlias/test", + }, + "sessionSynchronization": {}, + }, + 
"assertionContent": { + "assertionCache": {}, + "assertionTime": { + "effectiveTime": 600, + "notBeforeTimeSkew": 600, + }, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "level": 0, + }, + ], + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper", + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + "nameIdValueMap": [ + { + "binary": false, + "key": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "value": "mail", + }, + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": {}, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "accountMapper": { + "accountMapper": "com.sun.identity.saml2.plugins.DefaultIDPAccountMapper", + }, + "attributeMapper": { + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper", + "attributeMapperScript": "[Empty]", + }, + "localConfiguration": {}, + }, + "services": { + "assertionIdRequest": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/AIDReqSoap/IDPRole/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:URI", + "location": "http://localhost:8080/am/AIDReqUri/IDPRole/metaAlias/test", + }, + ], + "metaAlias": "/test", + "nameIdMapping": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/NIMSoap/metaAlias/test", + }, + ], + 
"serviceAttributes": { + "artifactResolutionService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/ArtifactResolver/metaAlias/test", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPMniRedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPMniPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/IDPMniSoap/metaAlias/test", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPSloRedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", + "responseLocation": "http://localhost:8080/am/IDPSloPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/IDPSloSoap/metaAlias/test", + }, + ], + "singleSignOnService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SSORedirect/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SSOPOST/metaAlias/test", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SSOSoap/metaAlias/test", + }, + ], + }, + }, + }, + "serviceProvider": { + "advanced": { + "ecpConfiguration": { + "ecpRequestIdpListFinderImpl": 
"com.sun.identity.saml2.plugins.ECPIDPFinder", + }, + "idpProxy": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "spUrl": "http://localhost:8080/am/spsaehandler/metaAlias/test2", + }, + }, + "assertionContent": { + "assertionTimeSkew": 300, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "defaultItem": true, + "level": 0, + }, + ], + "authenticationComparisonType": "Exact", + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper", + "includeRequestedAuthenticationContext": true, + }, + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + ], + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": {}, + "secretIdAndAlgorithms": {}, + }, + }, + "assertionProcessing": { + "accountMapping": { + "spAccountMapper": "com.sun.identity.saml2.plugins.DefaultSPAccountMapper", + }, + "adapter": { + "spAdapterScript": "[Empty]", + }, + "attributeMapper": { + "attributeMap": [ + { + "key": "*", + "value": "*", + }, + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper", + }, + "autoFederation": {}, + "responseArtifactMessageEncoding": { + "encoding": "URI", + }, + "url": {}, + }, + "services": { + "metaAlias": "/test2", + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", + "index": 0, + "isDefault": true, + "location": 
"http://localhost:8080/am/Consumer/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 1, + "isDefault": false, + "location": "http://localhost:8080/am/Consumer/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", + "index": 2, + "isDefault": false, + "location": "http://localhost:8080/am/Consumer/ECP/metaAlias/test2", + }, + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniRedirect/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniPOST/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPMniSoap/metaAlias/test2", + }, + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPSloRedirect/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", + "responseLocation": "http://localhost:8080/am/SPSloPOST/metaAlias/test2", + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "http://localhost:8080/am/SPSloSoap/metaAlias/test2", + }, + ], + }, + }, + }, + }, + }, + "metadata": { + "VGVzdCBFbnRpdHk": [ + "", + "", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " ", + 
" ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " PGNlcnRpZmljYXRlPg==", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + "", + "", + "", + ], + }, + "remote": {}, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Amazon-Profile-Normalization.script.groovy 1`] = ` +"/* + * Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. 
All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +return json(object( + field("id", rawProfile.user_id), + field("displayName", rawProfile.name), + field("email", rawProfile.email), + field("username", rawProfile.email))) +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Amazon-Profile-Normalization.script.json 1`] = ` +{ + "script": { + "6b3cfd48-62d3-48ff-a96f-fe8f3a22ab30": { + "_id": "6b3cfd48-62d3-48ff-a96f-fe8f3a22ab30", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Normalizes raw profile data from Amazon", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "Amazon Profile Normalization", + "script": "file://Amazon-Profile-Normalization.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Apple-Profile-Normalization.script.groovy 1`] = ` +"/* + * Copyright 2021-2022 ForgeRock AS. 
All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + * + * In some common default configurations, the following keys are required to be not empty: + * username, givenName, familyName, email. + * + * From RFC4517: A value of the Directory String syntax is a string of one or more + * arbitrary characters from the Universal Character Set (UCS). + * A zero-length character string is not permitted. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +String email = "change@me.com" +String subjectId = rawProfile.sub +String firstName = " " +String lastName = " " +String username = subjectId +String name + +if (rawProfile.isDefined("email") && rawProfile.email.isNotNull()){ // User can elect to not share their email + email = rawProfile.email.asString() + username = email +} +if (rawProfile.isDefined("name") && rawProfile.name.isNotNull()) { + if (rawProfile.name.isDefined("firstName") && rawProfile.name.firstName.isNotNull()) { + firstName = rawProfile.name.firstName.asString() + } + if (rawProfile.name.isDefined("lastName") && rawProfile.name.lastName.isNotNull()) { + lastName = rawProfile.name.lastName.asString() + } +} + +name = (firstName?.trim() ? firstName : "") + (lastName?.trim() ? ((firstName?.trim() ? " " : "") + lastName) : "") +name = (!name?.trim()) ? 
" " : name + +return json(object( + field("id", subjectId), + field("displayName", name), + field("email", email), + field("givenName", firstName), + field("familyName", lastName), + field("username", username))) +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Apple-Profile-Normalization.script.json 1`] = ` +{ + "script": { + "484e6246-dbc6-4288-97e6-54e55431402e": { + "_id": "484e6246-dbc6-4288-97e6-54e55431402e", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Normalizes raw profile data from Apple", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "Apple Profile Normalization", + "script": "file://Apple-Profile-Normalization.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Authentication-Tree-Decision-Node-Script.script.js 1`] = ` +"/* + - Data made available by nodes that have already executed are available in the sharedState variable. + - The script should set outcome to either "true" or "false". 
+ */ + +outcome = "true"; +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Authentication-Tree-Decision-Node-Script.script.json 1`] = ` +{ + "script": { + "01e1a3c0-038b-4c16-956a-6c9d89328cff": { + "_id": "01e1a3c0-038b-4c16-956a-6c9d89328cff", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "default": true, + "description": "Default global script for a scripted decision node", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "name": "Authentication Tree Decision Node Script", + "script": "file://Authentication-Tree-Decision-Node-Script.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Config-Provider-Node-Script.script.js 1`] = ` +"/* + * Copyright 2021-2022 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/** + * The following script is a simplified template for understanding how to build + * up a config Map object with custom values. 
The Config Provider Node will then + * provide this config Map to the desired node type. It is important that the Map + * you build here is named 'config'. + * + * Defined variables: + * + * nodeState - Node State (1) + * Always present, this represents the current values stored in the node state. + * + * idRepository - Profile Data (2) + * Always present, a repository to retrieve user information. + * + * secrets - Credentials and Secrets (3) + * Always present, an interface to access the Secrets API from a scripting context. + * + * requestHeaders (4) - Map (5) + * Always present, an object that provides methods for accessing headers in the login request. + * + * logger - Debug Logging (6) + * Always present, the debug logger instance. + * + * httpClient - HTTP Client (7) + * Always present, the HTTP client that can be used to make external HTTP requests. + * + * realm - String (primitive). + * Always present, the name of the realm the user is authenticating to. + * + * existingSession - Map (5) + * Present if the request contains the session cookie, the user's session object. The returned map from + * SSOToken.getProperties() (8) + * + * requestParameters - Map (5) + * Always present, the object that contains the authentication request parameters. + * + * + * Outputs: + * + * config - Map (5) + * Define and fill a Map object named 'config' with custom values, this will define the configuration for the + * associated node selected in the ConfigProviderNode. 
+ * + * Reference: + * (1) Node State - https://backstage.forgerock.com/docs/idcloud-am/latest/authentication-guide/scripting-api-node.html#scripting-api-node-nodeState + * (2) Profile Data - https://backstage.forgerock.com/docs/am/7.1/authentication-guide/scripting-api-node.html#scripting-api-node-id-repo + * (3) Credentials and Secrets - https://backstage.forgerock.com/docs/am/7.1/authentication-guide/scripting-api-node.html#scripting-api-authn-secrets + * (4) Request Headers - https://backstage.forgerock.com/docs/am/7/authentication-guide/scripting-api-node.html#scripting-api-node-requestHeaders. + * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/Map.html + * (6) Debug Logging - https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * (7) HTTP Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. + * (8) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. 
+ */ + +config = { + "key0": {"subKey": "value0"}, + "key1": "value1" +}; +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Config-Provider-Node-Script.script.json 1`] = ` +{ + "script": { + "5e854779-6ec1-4c39-aeba-0477e0986646": { + "_id": "5e854779-6ec1-4c39-aeba-0477e0986646", + "context": "CONFIG_PROVIDER_NODE", + "default": true, + "description": "Script to provide values for a config provider node", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "name": "Config Provider Node Script", + "script": "file://Config-Provider-Node-Script.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Device-Id-(Match)-Client-Side.script.js 1`] = ` +"var fontDetector = (function () { + /** + * JavaScript code to detect available availability of a + * particular font in a browser using JavaScript and CSS. 
+ * + * Author : Lalit Patel + * Website: http://www.lalit.org/lab/javascript-css-font-detect/ + * License: Apache Software License 2.0 + * http://www.apache.org/licenses/LICENSE-2.0 + * Version: 0.15 (21 Sep 2009) + * Changed comparision font to default from sans-default-default, + * as in FF3.0 font of child element didn't fallback + * to parent element if the font is missing. + * Version: 0.2 (04 Mar 2012) + * Comparing font against all the 3 generic font families ie, + * 'monospace', 'sans-serif' and 'sans'. If it doesn't match all 3 + * then that font is 100% not available in the system + * Version: 0.3 (24 Mar 2012) + * Replaced sans with serif in the list of baseFonts + */ + /* + * Portions Copyrighted 2013 ForgeRock AS. + */ + var detector = {}, baseFonts, testString, testSize, h, s, defaultWidth = {}, defaultHeight = {}, index; + + // a font will be compared against all the three default fonts. + // and if it doesn't match all 3 then that font is not available. + baseFonts = ['monospace', 'sans-serif', 'serif']; + + //we use m or w because these two characters take up the maximum width. + // And we use a LLi so that the same matching fonts can get separated + testString = "mmmmmmmmmmlli"; + + //we test using 72px font size, we may use any size. I guess larger the better. 
+ testSize = '72px'; + + h = document.getElementsByTagName("body")[0]; + + // create a SPAN in the document to get the width of the text we use to test + s = document.createElement("span"); + s.style.fontSize = testSize; + s.innerHTML = testString; + for (index in baseFonts) { + //get the default width for the three base fonts + s.style.fontFamily = baseFonts[index]; + h.appendChild(s); + defaultWidth[baseFonts[index]] = s.offsetWidth; //width for the default font + defaultHeight[baseFonts[index]] = s.offsetHeight; //height for the defualt font + h.removeChild(s); + } + + detector.detect = function(font) { + var detected = false, index, matched; + for (index in baseFonts) { + s.style.fontFamily = font + ',' + baseFonts[index]; // name of the font along with the base font for fallback. + h.appendChild(s); + matched = (s.offsetWidth !== defaultWidth[baseFonts[index]] || s.offsetHeight !== defaultHeight[baseFonts[index]]); + h.removeChild(s); + detected = detected || matched; + } + return detected; + }; + + return detector; +}()); +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved + * + * The contents of this file are subject to the terms + * of the Common Development and Distribution License + * (the License). You may not use this file except in + * compliance with the License. + * + * You can obtain a copy of the License at + * https://opensso.dev.java.net/public/CDDLv1.0.html or + * opensso/legal/CDDLv1.0.txt + * See the License for the specific language governing + * permission and limitations under the License. + * + * When distributing Covered Code, include this CDDL + * Header Notice in each file and include the License file + * at opensso/legal/CDDLv1.0.txt. 
+ * If applicable, add the following below the CDDL Header, + * with the fields enclosed by brackets [] replaced by + * your own identifying information: + * "Portions Copyrighted [year] [name of copyright owner]" + * + */ +/* + * Portions Copyrighted 2013 Syntegrity. + * Portions Copyrighted 2013-2014 ForgeRock AS. + */ + +var collectScreenInfo = function () { + var screenInfo = {}; + if (screen) { + if (screen.width) { + screenInfo.screenWidth = screen.width; + } + + if (screen.height) { + screenInfo.screenHeight = screen.height; + } + + if (screen.pixelDepth) { + screenInfo.screenColourDepth = screen.pixelDepth; + } + } else { + console.warn("Cannot collect screen information. screen is not defined."); + } + return screenInfo; + }, + collectTimezoneInfo = function () { + var timezoneInfo = {}, offset = new Date().getTimezoneOffset(); + + if (offset) { + timezoneInfo.timezone = offset; + } else { + console.warn("Cannot collect timezone information. timezone is not defined."); + } + + return timezoneInfo; + }, + collectBrowserPluginsInfo = function () { + + if (navigator && navigator.plugins) { + var pluginsInfo = {}, i, plugins = navigator.plugins; + pluginsInfo.installedPlugins = ""; + + for (i = 0; i < plugins.length; i++) { + pluginsInfo.installedPlugins = pluginsInfo.installedPlugins + plugins[i].filename + ";"; + } + + return pluginsInfo; + } else { + console.warn("Cannot collect browser plugin information. navigator.plugins is not defined."); + return {}; + } + + }, +// Getting geolocation takes some time and is done asynchronously, hence need a callback which is called once geolocation is retrieved. + collectGeolocationInfo = function (callback) { + var geolocationInfo = {}, + successCallback = function(position) { + geolocationInfo.longitude = position.coords.longitude; + geolocationInfo.latitude = position.coords.latitude; + callback(geolocationInfo); + }, errorCallback = function(error) { + console.warn("Cannot collect geolocation information. 
" + error.code + ": " + error.message); + callback(geolocationInfo); + }; + if (navigator && navigator.geolocation) { + // NB: If user chooses 'Not now' on Firefox neither callback gets called + // https://bugzilla.mozilla.org/show_bug.cgi?id=675533 + navigator.geolocation.getCurrentPosition(successCallback, errorCallback); + } else { + console.warn("Cannot collect geolocation information. navigator.geolocation is not defined."); + callback(geolocationInfo); + } + }, + collectBrowserFontsInfo = function () { + var fontsInfo = {}, i, fontsList = ["cursive","monospace","serif","sans-serif","fantasy","default","Arial","Arial Black", + "Arial Narrow","Arial Rounded MT Bold","Bookman Old Style","Bradley Hand ITC","Century","Century Gothic", + "Comic Sans MS","Courier","Courier New","Georgia","Gentium","Impact","King","Lucida Console","Lalit", + "Modena","Monotype Corsiva","Papyrus","Tahoma","TeX","Times","Times New Roman","Trebuchet MS","Verdana", + "Verona"]; + fontsInfo.installedFonts = ""; + + for (i = 0; i < fontsList.length; i++) { + if (fontDetector.detect(fontsList[i])) { + fontsInfo.installedFonts = fontsInfo.installedFonts + fontsList[i] + ";"; + } + } + return fontsInfo; + }, + devicePrint = {}; + +devicePrint.screen = collectScreenInfo(); +devicePrint.timezone = collectTimezoneInfo(); +devicePrint.plugins = collectBrowserPluginsInfo(); +devicePrint.fonts = collectBrowserFontsInfo(); + +if (navigator.userAgent) { + devicePrint.userAgent = navigator.userAgent; +} +if (navigator.appName) { + devicePrint.appName = navigator.appName; +} +if (navigator.appCodeName) { + devicePrint.appCodeName = navigator.appCodeName; +} +if (navigator.appVersion) { + devicePrint.appVersion = navigator.appVersion; +} +if (navigator.appMinorVersion) { + devicePrint.appMinorVersion = navigator.appMinorVersion; +} +if (navigator.buildID) { + devicePrint.buildID = navigator.buildID; +} +if (navigator.platform) { + devicePrint.platform = navigator.platform; +} +if (navigator.cpuClass) { 
+ devicePrint.cpuClass = navigator.cpuClass; +} +if (navigator.oscpu) { + devicePrint.oscpu = navigator.oscpu; +} +if (navigator.product) { + devicePrint.product = navigator.product; +} +if (navigator.productSub) { + devicePrint.productSub = navigator.productSub; +} +if (navigator.vendor) { + devicePrint.vendor = navigator.vendor; +} +if (navigator.vendorSub) { + devicePrint.vendorSub = navigator.vendorSub; +} +if (navigator.language) { + devicePrint.language = navigator.language; +} +if (navigator.userLanguage) { + devicePrint.userLanguage = navigator.userLanguage; +} +if (navigator.browserLanguage) { + devicePrint.browserLanguage = navigator.browserLanguage; +} +if (navigator.systemLanguage) { + devicePrint.systemLanguage = navigator.systemLanguage; +} + +// Attempt to collect geo-location information and return this with the data collected so far. +// Otherwise, if geo-location fails or takes longer than 30 seconds, auto-submit the data collected so far. +autoSubmitDelay = 30000; +output.value = JSON.stringify(devicePrint); +collectGeolocationInfo(function(geolocationInfo) { + devicePrint.geolocation = geolocationInfo; + output.value = JSON.stringify(devicePrint); + submit(); +}); +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Device-Id-(Match)-Client-Side.script.json 1`] = ` +{ + "script": { + "157298c0-7d31-4059-a95b-eeb08473b7e5": { + "_id": "157298c0-7d31-4059-a95b-eeb08473b7e5", + "context": "AUTHENTICATION_CLIENT_SIDE", + "default": true, + "description": "Default global script for client side Device Id (Match) Authentication Module", + 
"evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "name": "Device Id (Match) - Client Side", + "script": "file://Device-Id-(Match)-Client-Side.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Device-Id-(Match)-Server-Side.script.js 1`] = ` +"/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved + * + * The contents of this file are subject to the terms + * of the Common Development and Distribution License + * (the License). You may not use this file except in + * compliance with the License. + * + * You can obtain a copy of the License at + * https://opensso.dev.java.net/public/CDDLv1.0.html or + * opensso/legal/CDDLv1.0.txt + * See the License for the specific language governing + * permission and limitations under the License. + * + * When distributing Covered Code, include this CDDL + * Header Notice in each file and include the License file + * at opensso/legal/CDDLv1.0.txt. + * If applicable, add the following below the CDDL Header, + * with the fields enclosed by brackets [] replaced by + * your own identifying information: + * "Portions Copyrighted [year] [name of copyright owner]" + * + */ +/* + * Portions Copyrighted 2013 Syntegrity. + * Portions Copyrighted 2013-2018 ForgeRock AS. 
+ */ + +var ScalarComparator = {}, ScreenComparator = {}, MultiValueComparator = {}, UserAgentComparator = {}, GeolocationComparator = {}; + +var config = { + profileExpiration: 30, //in days + maxProfilesAllowed: 5, + maxPenaltyPoints: 0, + attributes: { + screen: { + required: true, + comparator: ScreenComparator, + args: { + penaltyPoints: 50 + } + }, + plugins: { + installedPlugins: { + required: false, + comparator: MultiValueComparator, + args: { + maxPercentageDifference: 10, + maxDifferences: 5, + penaltyPoints: 100 + } + } + }, + fonts: { + installedFonts: { + required: false, + comparator: MultiValueComparator, + args: { + maxPercentageDifference: 10, + maxDifferences: 5, + penaltyPoints: 100 + } + } + }, + timezone: { + timezone: { + required: false, + comparator: ScalarComparator, + args: { + penaltyPoints: 100 + } + } + }, + userAgent: { + required: true, + comparator: UserAgentComparator, + args: { + ignoreVersion: true, + penaltyPoints: 100 + } + }, + geolocation: { + required: false, + comparator: GeolocationComparator, + args: { + allowedRange: 100, //in miles + penaltyPoints: 100 + } + } + } +}; + +//---------------------------------------------------------------------------// +// Comparator functions // +//---------------------------------------------------------------------------// + +var all, any, calculateDistance, calculateIntersection, calculatePercentage, nullOrUndefined, splitAndTrim, + undefinedLocation; + +// ComparisonResult + +/** + * Constructs an instance of a ComparisonResult with the given penalty points. + * + * @param penaltyPoints (Number) The penalty points for the comparison (defaults to 0). + * @param additionalInfoInCurrentValue (boolean) Whether the current value contains more information + * than the stored value (defaults to false). 
+ */ +function ComparisonResult() { + + var penaltyPoints = 0, + additionalInfoInCurrentValue = false; + + if (arguments[0] !== undefined && arguments[1] !== undefined) { + penaltyPoints = arguments[0]; + additionalInfoInCurrentValue = arguments[1]; + } + + if (arguments[0] !== undefined && arguments[1] === undefined) { + if (typeof(arguments[0]) === "boolean") { + additionalInfoInCurrentValue = arguments[0]; + } else { + penaltyPoints = arguments[0]; + } + } + + this.penaltyPoints = penaltyPoints; + this.additionalInfoInCurrentValue = additionalInfoInCurrentValue; + +} + +ComparisonResult.ZERO_PENALTY_POINTS = new ComparisonResult(0); + +/** + * Static method for functional programming. + * + * @return boolean true if comparisonResult.isSuccessful(). + */ +ComparisonResult.isSuccessful = function(comparisonResult) { + return comparisonResult.isSuccessful(); +}; + + +/** + * Static method for functional programming. + * + * @return boolean true if comparisonResult.additionalInfoInCurrentValue. + */ +ComparisonResult.additionalInfoInCurrentValue = function(comparisonResult) { + return comparisonResult.additionalInfoInCurrentValue; +}; + +/** + * Comparison function that can be provided as an argument to array.sort + */ +ComparisonResult.compare = function(first, second) { + if (nullOrUndefined(first) && nullOrUndefined(second)) { + return 0; + } else if (nullOrUndefined(first)) { + return -1; + } else if (nullOrUndefined(second)) { + return 1; + } else { + if (first.penaltyPoints !== second.penaltyPoints) { + return first.penaltyPoints - second.penaltyPoints; + } else { + return (first.additionalInfoInCurrentValue ? 1 : 0) - (second.additionalInfoInCurrentValue ? 1 : 0); + } + } +}; + +/** + * Amalgamates the given ComparisonResult into this ComparisonResult. + * + * @param comparisonResult The ComparisonResult to include. 
+ */ +ComparisonResult.prototype.addComparisonResult = function(comparisonResult) { + this.penaltyPoints += comparisonResult.penaltyPoints; + if (comparisonResult.additionalInfoInCurrentValue) { + this.additionalInfoInCurrentValue = comparisonResult.additionalInfoInCurrentValue; + } +}; + +/** + * Returns true if no penalty points have been assigned for the comparison. + * + * @return boolean true if the comparison was successful. + */ +ComparisonResult.prototype.isSuccessful = function() { + return nullOrUndefined(this.penaltyPoints) || this.penaltyPoints === 0; +}; + +/** + * Compares two simple objects (String|Number) and if they are equal then returns a ComparisonResult with zero + * penalty points assigned, otherwise returns a ComparisonResult with the given number of penalty points assigned. + * + * @param currentValue (String|Number) The current value. + * @param storedValue (String|Number) The stored value. + * @param config: { + * "penaltyPoints": (Number) The number of penalty points. + * } + * @return ComparisonResult. 
+ */ +ScalarComparator.compare = function (currentValue, storedValue, config) { + if (logger.messageEnabled()) { + logger.message("StringComparator.compare:currentValue: " + JSON.stringify(currentValue)); + logger.message("StringComparator.compare:storedValue: " + JSON.stringify(storedValue)); + logger.message("StringComparator.compare:config: " + JSON.stringify(config)); + } + if (config.penaltyPoints === 0) { + return ComparisonResult.ZERO_PENALTY_POINTS; + } + + if (!nullOrUndefined(storedValue)) { + if (nullOrUndefined(currentValue) || currentValue !== storedValue) { + return new ComparisonResult(config.penaltyPoints); + } + } else if (!nullOrUndefined(currentValue)) { + return new ComparisonResult(true); + } + + return ComparisonResult.ZERO_PENALTY_POINTS; +}; + +/** + * Compares two screens and if they are equal then returns a ComparisonResult with zero penalty points assigned, + * otherwise returns a ComparisonResult with the given number of penalty points assigned. + * + * @param currentValue: { + * "screenWidth": (Number) The current client screen width. + * "screenHeight": (Number) The current client screen height. + * "screenColourDepth": (Number) The current client screen colour depth. + * } + * @param storedValue: { + * "screenWidth": (Number) The stored client screen width. + * "screenHeight": (Number) The stored client screen height. + * "screenColourDepth": (Number) The stored client screen colour depth. + * } + * @param config: { + * "penaltyPoints": (Number) The number of penalty points. 
+ * } + * @return ComparisonResult + */ +ScreenComparator.compare = function (currentValue, storedValue, config) { + if (logger.messageEnabled()) { + logger.message("ScreenComparator.compare:currentValue: " + JSON.stringify(currentValue)); + logger.message("ScreenComparator.compare:storedValue: " + JSON.stringify(storedValue)); + logger.message("ScreenComparator.compare:config: " + JSON.stringify(config)); + } + + if (nullOrUndefined(currentValue)) { + currentValue = {screenWidth: null, screenHeight: null, screenColourDepth: null}; + } + if (nullOrUndefined(storedValue)) { + storedValue = {screenWidth: null, screenHeight: null, screenColourDepth: null}; + } + + var comparisonResults = [ + ScalarComparator.compare(currentValue.screenWidth, storedValue.screenWidth, config), + ScalarComparator.compare(currentValue.screenHeight, storedValue.screenHeight, config), + ScalarComparator.compare(currentValue.screenColourDepth, storedValue.screenColourDepth, config)]; + + if (all(comparisonResults, ComparisonResult.isSuccessful)) { + return new ComparisonResult(any(comparisonResults, ComparisonResult.additionalInfoInCurrentValue)); + } else { + return new ComparisonResult(config.penaltyPoints); + } +}; + +/** + * Splits both values using delimiter, trims every value and compares collections of values. + * Returns zero-result for same multi-value attributes. + * + * If collections are not same checks if number of differences is less or equal maxDifferences or + * percentage of difference is less or equal maxPercentageDifference. + * + * If yes then returns zero-result with additional info, else returns penaltyPoints-result. + * + * @param currentValue: (String) The current value. + * @param storedValue: (String) The stored value. + * @param config: { + * "maxPercentageDifference": (Number) The max difference percentage in the values, + * before the penalty is assigned. 
+ * "maxDifferences": (Number) The max number of differences in the values, + * before the penalty points are assigned. + * "penaltyPoints": (Number) The number of penalty points. + * } + * @return ComparisonResult + */ +MultiValueComparator.compare = function (currentValue, storedValue, config) { + if (logger.messageEnabled()) { + logger.message("MultiValueComparator.compare:currentValue: " + JSON.stringify(currentValue)); + logger.message("MultiValueComparator.compare:storedValue: " + JSON.stringify(storedValue)); + logger.message("MultiValueComparator.compare:config: " + JSON.stringify(config)); + } + + var delimiter = ";", + currentValues = splitAndTrim(currentValue, delimiter), + storedValues = splitAndTrim(storedValue, delimiter), + maxNumberOfElements = Math.max(currentValues.length, storedValues.length), + numberOfTheSameElements = calculateIntersection(currentValues, storedValues).length, + numberOfDifferences = maxNumberOfElements - numberOfTheSameElements, + percentageOfDifferences = calculatePercentage(numberOfDifferences, maxNumberOfElements); + + if (nullOrUndefined(storedValue) && !nullOrUndefined(currentValue)) { + return new ComparisonResult(true); + } + + if (logger.messageEnabled()) { + logger.message(numberOfTheSameElements + " of " + maxNumberOfElements + " are same"); + } + + if (maxNumberOfElements === 0) { + logger.message("Ignored because no attributes found in both profiles"); + return ComparisonResult.ZERO_PENALTY_POINTS; + } + + if (numberOfTheSameElements === maxNumberOfElements) { + logger.message("Ignored because all attributes are same"); + return ComparisonResult.ZERO_PENALTY_POINTS; + } + + if (numberOfDifferences > config.maxDifferences) { + if (logger.messageEnabled()) { + logger.message("Would be ignored if not more than " + config.maxDifferences + " differences"); + } + return new ComparisonResult(config.penaltyPoints); + } + + if (percentageOfDifferences > config.maxPercentageDifference) { + if (logger.messageEnabled()) { + 
logger.message(percentageOfDifferences + " percents are different"); + logger.message("Would be ignored if not more than " + config.maxPercentageDifference + " percent"); + } + return new ComparisonResult(config.penaltyPoints); + } + + if (logger.messageEnabled()) { + logger.message("Ignored because number of differences(" + numberOfDifferences + ") not more than " + + config.maxDifferences); + logger.message(percentageOfDifferences + " percents are different"); + logger.message("Ignored because not more than " + config.maxPercentageDifference + " percent"); + } + return new ComparisonResult(true); +}; + +/** + * Compares two User Agent Strings and if they are equal then returns a ComparisonResult with zero penalty + * points assigned, otherwise returns a ComparisonResult with the given number of penalty points assigned. + * + * @param currentValue (String) The current value. + * @param storedValue (String) The stored value. + * @param config: { + * "ignoreVersion": (boolean) If the version numbers in the User Agent Strings should be ignore + * in the comparison. + * "penaltyPoints": (Number) The number of penalty points. + * } + * @return A ComparisonResult. + */ +UserAgentComparator.compare = function (currentValue, storedValue, config) { + if (logger.messageEnabled()) { + logger.message("UserAgentComparator.compare:currentValue: " + JSON.stringify(currentValue)); + logger.message("UserAgentComparator.compare:storedValue: " + JSON.stringify(storedValue)); + logger.message("UserAgentComparator.compare:config: " + JSON.stringify(config)); + } + + if (config.ignoreVersion) { + // remove version number + currentValue = nullOrUndefined(currentValue) ? null : currentValue.replace(/[\\d\\.]+/g, "").trim(); + storedValue = nullOrUndefined(storedValue) ? null : storedValue.replace(/[\\d\\.]+/g, "").trim(); + } + + return ScalarComparator.compare(currentValue, storedValue, config); +}; + +/** + * Compares two locations, taking into account a degree of difference. 
+ * + * @param currentValue: { + * "latitude": (Number) The current latitude. + * "longitude": (Number) The current longitude. + * } + * @param storedValue: { + * "latitude": (Number) The stored latitude. + * "longitude": (Number) The stored longitude. + * } + * @param config: { + * "allowedRange": (Number) The max difference allowed in the two locations, before the penalty is assigned. + * "penaltyPoints": (Number) The number of penalty points. +* } + * @return ComparisonResult + */ +GeolocationComparator.compare = function (currentValue, storedValue, config) { + if (logger.messageEnabled()) { + logger.message("GeolocationComparator.compare:currentValue: " + JSON.stringify(currentValue)); + logger.message("GeolocationComparator.compare:storedValue: " + JSON.stringify(storedValue)); + logger.message("GeolocationComparator.compare:config: " + JSON.stringify(config)); + } + + // Check for undefined stored or current locations + + if (undefinedLocation(currentValue) && undefinedLocation(storedValue)) { + return ComparisonResult.ZERO_PENALTY_POINTS; + } + if (undefinedLocation(currentValue) && !undefinedLocation(storedValue)) { + return new ComparisonResult(config.penaltyPoints); + } + if (!undefinedLocation(currentValue) && undefinedLocation(storedValue)) { + return new ComparisonResult(true); + } + + // Both locations defined, therefore perform comparison + + var distance = calculateDistance(currentValue, storedValue); + + if (logger.messageEnabled()) { + logger.message("Distance between (" + currentValue.latitude + "," + currentValue.longitude + ") and (" + + storedValue.latitude + "," + storedValue.longitude + ") is " + distance + " miles"); + } + + if (parseFloat(distance.toPrecision(5)) === 0) { + logger.message("Location is the same"); + return ComparisonResult.ZERO_PENALTY_POINTS; + } + + if (distance <= config.allowedRange) { + if (logger.messageEnabled()) { + logger.message("Tolerated because distance not more then " + config.allowedRange); + } + return new 
ComparisonResult(true); + } else { + if (logger.messageEnabled()) { + logger.message("Would be ignored if distance not more then " + config.allowedRange); + } + return new ComparisonResult(config.penaltyPoints); + } +}; + + +//---------------------------------------------------------------------------// +// Device Print Logic - DO NOT MODIFY // +//---------------------------------------------------------------------------// + +// Utility functions + +/** + * Returns true if evaluating function f on each element of the Array a returns true. + * + * @param a: (Array) The array of elements to evaluate + * @param f: (Function) A single argument function for mapping elements of the array to boolean. + * @return boolean. + */ +all = function(a, f) { + var i; + for (i = 0; i < a.length; i++) { + if (f(a[i]) === false) { + return false; + } + } + return true; +}; + +/** + * Returns true if evaluating function f on any element of the Array a returns true. + * + * @param a: (Array) The array of elements to evaluate + * @param f: (Function) A single argument function for mapping elements of the array to boolean. + * @return boolean. + */ +any = function(a, f) { + var i; + for (i = 0; i < a.length; i++) { + if (f(a[i]) === true) { + return true; + } + } + return false; +}; + +/** + * Returns true if the provided location is null or has undefined longitude or latitude values. + * + * @param location: { + * "latitude": (Number) The latitude. + * "longitude": (Number) The longitude. + * } + * @return boolean + */ +undefinedLocation = function(location) { + return nullOrUndefined(location) || nullOrUndefined(location.latitude) || nullOrUndefined(location.longitude); +}; + +/** + * Returns true if the provided value is null or undefined. + * + * @param value: a value of any type + * @return boolean + */ +nullOrUndefined = function(value) { + return value === null || value === undefined; +}; + +/** + * Calculates the distances between the two locations. 
+ * + * @param first: { + * "latitude": (Number) The first latitude. + * "longitude": (Number) The first longitude. + * } + * @param second: { + * "latitude": (Number) The second latitude. + * "longitude": (Number) The second longitude. + * } + * @return Number The distance between the two locations. + */ +calculateDistance = function(first, second) { + var factor = (Math.PI / 180), + theta, + dist; + function degreesToRadians(degrees) { + return degrees * factor; + } + function radiansToDegrees(radians) { + return radians / factor; + } + theta = first.longitude - second.longitude; + dist = Math.sin(degreesToRadians(first.latitude)) * Math.sin(degreesToRadians(second.latitude)) + + Math.cos(degreesToRadians(first.latitude)) * Math.cos(degreesToRadians(second.latitude)) + * Math.cos(degreesToRadians(theta)); + dist = Math.acos(dist); + dist = radiansToDegrees(dist); + dist = dist * 60 * 1.1515; + return dist; +}; + +/** + * Converts a String holding a delimited sequence of values into an array. + * + * @param text (String) The String representation of a delimited sequence of values. + * @param delimiter (String) The character delimiting values within the text String. + * @return (Array) The comma separated values. + */ +splitAndTrim = function(text, delimiter) { + + var results = [], + i, + values, + value; + if (text === null) { + return results; + } + + values = text.split(delimiter); + for (i = 0; i < values.length; i++) { + value = values[i].trim(); + if (value !== "") { + results.push(value); + } + } + + return results; +}; + +/** + * Converts value to a percentage of range. + * + * @param value (Number) The actual number to be converted to a percentage. + * @param range (Number) The total number of values (i.e. represents 100%). + * @return (Number) The percentage. 
+ */ +calculatePercentage = function(value, range) { + if (range === 0) { + return 0; + } + return parseFloat((value / range).toPrecision(2)) * 100; +}; + +/** + * Creates a new array containing only those elements found in both arrays received as arguments. + * + * @param first (Array) The first array. + * @param second (Array) The second array. + * @return (Array) The elements that found in first and second. + */ +calculateIntersection = function(first, second) { + return first.filter(function(element) { + return second.indexOf(element) !== -1; + }); +}; + +function getValue(obj, attributePath) { + var value = obj, + i; + for (i = 0; i < attributePath.length; i++) { + if (value === undefined) { + return null; + } + value = value[attributePath[i]]; + } + return value; +} + + +function isLeafNode(attributeConfig) { + return attributeConfig.comparator !== undefined; +} + +function getAttributePaths(attributeConfig, attributePath) { + + var attributePaths = [], + attributeName, + attrPaths, + attrPath, + i; + + for (attributeName in attributeConfig) { + if (attributeConfig.hasOwnProperty(attributeName)) { + + if (isLeafNode(attributeConfig[attributeName])) { + attrPath = attributePath.slice(); + attrPath.push(attributeName); + attributePaths.push(attrPath); + } else { + attrPath = attributePath.slice(); + attrPath.push(attributeName); + attrPaths = getAttributePaths(attributeConfig[attributeName], attrPath); + for (i = 0; i < attrPaths.length; i++) { + attributePaths.push(attrPaths[i]); + } + } + } + } + + return attributePaths; +} + +function getDevicePrintAttributePaths(attributeConfig) { + return getAttributePaths(attributeConfig, []); +} + +function hasRequiredAttributes(devicePrint, attributeConfig) { + + var attributePaths = getDevicePrintAttributePaths(attributeConfig), + i, + attrValue, + attrConfig; + + for (i = 0; i < attributePaths.length; i++) { + + attrValue = getValue(devicePrint, attributePaths[i]); + attrConfig = getValue(attributeConfig, 
attributePaths[i]); + + if (attrConfig.required && attrValue === undefined) { + logger.warning("Device Print profile missing required attribute, " + attributePaths[i]); + return false; + } + } + + logger.message("device print has required attributes"); + return true; +} + +function compareDevicePrintProfiles(attributeConfig, devicePrint, devicePrintProfiles, maxPenaltyPoints) { + + var attributePaths = getDevicePrintAttributePaths(attributeConfig), + dao = sharedState.get('_DeviceIdDao'), + results, + j, + aggregatedComparisonResult, + i, + currentValue, + storedValue, + attrConfig, + comparisonResult, + selectedComparisonResult, + selectedProfile, + curDevicePrintProfile, + vals; + + results = []; + for (j = 0; j < devicePrintProfiles.length; j++) { + curDevicePrintProfile = JSON.parse(org.forgerock.json.JsonValue.json(devicePrintProfiles[j])); + aggregatedComparisonResult = new ComparisonResult(); + for (i = 0; i < attributePaths.length; i++) { + + currentValue = getValue(devicePrint, attributePaths[i]); + storedValue = getValue(curDevicePrintProfile.devicePrint, attributePaths[i]); + attrConfig = getValue(attributeConfig, attributePaths[i]); + + if (storedValue === null) { + comparisonResult = new ComparisonResult(attrConfig.penaltyPoints); + } else { + comparisonResult = attrConfig.comparator.compare(currentValue, storedValue, attrConfig.args); + } + + if (logger.messageEnabled()) { + logger.message("Comparing attribute path: " + attributePaths[i] + + ", Comparison result: successful=" + comparisonResult.isSuccessful() + ", penaltyPoints=" + + comparisonResult.penaltyPoints + ", additionalInfoInCurrentValue=" + + comparisonResult.additionalInfoInCurrentValue); + } + aggregatedComparisonResult.addComparisonResult(comparisonResult); + } + if (logger.messageEnabled()) { + logger.message("Aggregated comparison result: successful=" + + aggregatedComparisonResult.isSuccessful() + ", penaltyPoints=" + + aggregatedComparisonResult.penaltyPoints + ", 
additionalInfoInCurrentValue=" + + aggregatedComparisonResult.additionalInfoInCurrentValue); + } + + results.push({ + key: aggregatedComparisonResult, + value: devicePrintProfiles[j] + }); + } + + if (results.length === 0) { + return null; + } + + results.sort(function(a, b) { + return ComparisonResult.compare(a.key, b.key); + }); + selectedComparisonResult = results[0].key; + if (logger.messageEnabled()) { + logger.message("Selected comparison result: successful=" + selectedComparisonResult.isSuccessful() + + ", penaltyPoints=" + selectedComparisonResult.penaltyPoints + ", additionalInfoInCurrentValue=" + + selectedComparisonResult.additionalInfoInCurrentValue); + } + + selectedProfile = null; + if (selectedComparisonResult.penaltyPoints <= maxPenaltyPoints) { + selectedProfile = results[0].value; + if (logger.messageEnabled()) { + logger.message("Selected profile: " + selectedProfile + + " with " + selectedComparisonResult.penaltyPoints + " penalty points"); + } + } + + if (selectedProfile === null) { + return false; + } + + /* update profile */ + selectedProfile.put("selectionCounter", + java.lang.Integer.valueOf(parseInt(selectedProfile.get("selectionCounter"), 10) + 1)); + selectedProfile.put("lastSelectedDate", java.lang.Long.valueOf(new Date().getTime())); + selectedProfile.put("devicePrint", devicePrint); + + vals = []; + for (i = 0; i < devicePrintProfiles.length; i++) { + vals.push(org.forgerock.json.JsonValue.json(devicePrintProfiles[i])); + } + + dao.saveDeviceProfiles(username, realm, vals); + + return true; +} + +function matchDevicePrint() { + + if (!username) { + logger.error("Username not set. 
Cannot compare user's device print profiles."); + authState = FAILED; + } else { + + if (logger.messageEnabled()) { + logger.message("client devicePrint: " + clientScriptOutputData); + } + + var getProfiles = function () { + + function isExpiredProfile(devicePrintProfile) { + var expirationDate = new Date(), + lastSelectedDate; + expirationDate.setDate(expirationDate.getDate() - config.profileExpiration); + + lastSelectedDate = new Date(devicePrintProfile.lastSelectedDate); + + return lastSelectedDate < expirationDate; + } + + function getNotExpiredProfiles() { + var profile, + dao = sharedState.get('_DeviceIdDao'), + results = [], + profiles, + iter; + + profiles = dao.getDeviceProfiles(username, realm); + + if (profiles) { + iter = profiles.iterator(); + + while (iter.hasNext()) { + profile = iter.next().getObject(); + if (!isExpiredProfile(profile)) { + results.push(profile); + } + } + } + if (logger.messageEnabled()) { + logger.message("stored non-expired profiles: " + results); + } + return results; + } + + return getNotExpiredProfiles(); + }, + devicePrint = JSON.parse(clientScriptOutputData), + devicePrintProfiles = getProfiles(); + + if (!hasRequiredAttributes(devicePrint, config.attributes)) { + logger.message("devicePrint.hasRequiredAttributes: false"); + // Will fail this module but fall-through to next module. Which should be OTP. + authState = FAILED; + } else if (compareDevicePrintProfiles(config.attributes, devicePrint, devicePrintProfiles, config.maxPenaltyPoints)) { + logger.message("devicePrint.hasValidProfile: true"); + authState = SUCCESS; + } else { + logger.message("devicePrint.hasValidProfile: false"); + sharedState.put('devicePrintProfile', JSON.stringify(devicePrint)); + // Will fail this module but fall-through to next module. Which should be OTP. 
+ authState = FAILED; + } + } +} + +matchDevicePrint(); +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Device-Id-(Match)-Server-Side.script.json 1`] = ` +{ + "script": { + "703dab1a-1921-4981-98dd-b8e5349d8548": { + "_id": "703dab1a-1921-4981-98dd-b8e5349d8548", + "context": "AUTHENTICATION_SERVER_SIDE", + "default": true, + "description": "Default global script for server side Device Id (Match) Authentication Module", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "name": "Device Id (Match) - Server Side", + "script": "file://Device-Id-(Match)-Server-Side.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Device-Profile-Match-Template-Decision-Node-Script.script.js 1`] = ` +"/* + * Copyright 2020-2022 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. 
+ */ + +/** ****************************************************************** + * + * The following script is a simplified template for understanding + * the basics of device matching. _This is not functionally complete._ + * For a functionally complete script as well as a development toolkit, + * visit https://github.com/ForgeRock/forgerock-device-match-script. + * + * Global node variables accessible within this scope: + * 1. \`sharedState\` provides access to incoming request + * 2. \`deviceProfilesDao\` provides access to stored profiles + * 3. \`outcome\` variable maps to auth tree node outcomes; values are + * 'true', 'false', or 'unknownDevice' (notice _all_ are strings). + * ******************************************************************/ + +/** + * Get the incoming request's device profile. + * Returns serialized JSON (type string); parsing this will result a + * native JS object. + */ +var incomingJson = sharedState.get('forgeRock.device.profile').toString(); +var incoming = JSON.parse(incomingJson); + +/** + * Get the incoming user's username and realm. + * Notice the use of \`.asString()\`. + */ +var username = sharedState.get("username").asString(); +var realm = sharedState.get("realm").asString(); + +/** + * Get the user's stored profiles for appropriate realm. + * Returns a _special_ object with methods for profile data + */ +var storedProfiles = deviceProfilesDao.getDeviceProfiles(username, realm); + +// Default to \`outcome\` of 'unknownDevice' +outcome = 'unknownDevice'; + +if (storedProfiles) { + var i = 0; + // NOTE: \`.size()\` method returns the number of stored profiles + var len = storedProfiles.size(); + + for (i; i < len; i++) { + /** + * Get the stored profile. + * Returns serialized JSON (type string); parsing this will result + * a native JS object. + */ + var storedJson = storedProfiles.get(i); + var stored = JSON.parse(storedJson); + + /** + * Find a stored profile with the same identifier. 
+ */ + if (incoming.identifier === stored.identifier) { + + /** + * Now that you've found the appropriate profile, you will perform + * the logic here to match the values of the \`incoming\` profile + * with that of the \`stored\` profile. + * + * The result of the matching logic is assigned to \`outcome\`. Since + * we have profiles of the same identifier, the value (type string) + * should now be either 'true' or 'false' (properties matched or not). + * + * For more information about this topic, visit this Github repo: + * https://github.com/ForgeRock/forgerock-device-match-script + */ + outcome = 'false'; + } + } +} +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Device-Profile-Match-Template-Decision-Node-Script.script.json 1`] = ` +{ + "script": { + "13e3f263-9cd3-4844-8d1c-040fd0dd02eb": { + "_id": "13e3f263-9cd3-4844-8d1c-040fd0dd02eb", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "default": true, + "description": "Default global script template for Device Profile Match decision node script for Authentication Tree", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "name": "Device Profile Match Template - Decision Node Script", + "script": "file://Device-Profile-Match-Template-Decision-Node-Script.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 
with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Facebook-Profile-Normalization.script.groovy 1`] = ` +"/* + * Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +return json(object( + field("id", rawProfile.id), + field("displayName", rawProfile.name), + field("givenName", rawProfile.first_name), + field("familyName", rawProfile.last_name), + field("photoUrl", rawProfile.picture.data.url), + field("email", rawProfile.email), + field("username", rawProfile.email))) +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Facebook-Profile-Normalization.script.json 1`] = ` +{ + "script": { + "bae1d54a-e97d-4997-aa5d-c027f21af82c": { + "_id": "bae1d54a-e97d-4997-aa5d-c027f21af82c", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Normalizes raw profile data from Facebook", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "Facebook Profile Normalization", + "script": "file://Facebook-Profile-Normalization.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 
--include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/GitHub-Profile-Normalization.script.groovy 1`] = ` +"/* + * Copyright 2022 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +return json(object( + field("id", rawProfile.id), + field("displayName", rawProfile.name), + field("username", rawProfile.login))) +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/GitHub-Profile-Normalization.script.json 1`] = ` +{ + "script": { + "a7a78773-445b-4eca-bb93-409e86bced81": { + "_id": "a7a78773-445b-4eca-bb93-409e86bced81", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Normalizes raw profile data from GitHub", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "GitHub Profile Normalization", + "script": "file://GitHub-Profile-Normalization.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 
--include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Google-Profile-Normalization.script.groovy 1`] = ` +"/* + * Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +return json(object( + field("id", rawProfile.sub), + field("displayName", rawProfile.name), + field("givenName", rawProfile.given_name), + field("familyName", rawProfile.family_name), + field("photoUrl", rawProfile.picture), + field("email", rawProfile.email), + field("username", rawProfile.email), + field("locale", rawProfile.locale))) +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Google-Profile-Normalization.script.json 1`] = ` +{ + "script": { + "58d29080-4563-480b-89bb-1e7719776a21": { + "_id": "58d29080-4563-480b-89bb-1e7719776a21", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Normalizes raw profile data from Google", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "Google Profile 
Normalization", + "script": "file://Google-Profile-Normalization.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Instagram-Profile-Normalization.script.groovy 1`] = ` +"/* + * Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +return json(object( + field("id", rawProfile.id), + field("username", rawProfile.username))) +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Instagram-Profile-Normalization.script.json 1`] = ` +{ + "script": { + "1244e639-4a31-401d-ab61-d75133d8dc9e": { + "_id": "1244e639-4a31-401d-ab61-d75133d8dc9e", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Normalizes raw profile data from Instagram", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "Instagram Profile Normalization", + "script": 
"file://Instagram-Profile-Normalization.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Itsme-Profile-Normalization.script.groovy 1`] = ` +"/* + * Copyright 2020-2021 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +import org.forgerock.json.JsonValue + +JsonValue managedUser = json(object( + field("id", rawProfile.sub), + field("displayName", rawProfile.name), + field("givenName", rawProfile.given_name), + field("familyName", rawProfile.family_name), + field("username", rawProfile.email), + field("email", rawProfile.email))) +return managedUser +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Itsme-Profile-Normalization.script.json 1`] = ` +{ + "script": { + "3d97c436-42c0-4dd0-a571-ea6f34f752b3": { + "_id": "3d97c436-42c0-4dd0-a571-ea6f34f752b3", + "context": 
"SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Normalizes raw profile data from Itsme", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "Itsme Profile Normalization", + "script": "file://Itsme-Profile-Normalization.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Legacy.script.js 1`] = ` +"/* + * Copyright 2014-2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. 
+ */ +import com.iplanet.sso.SSOException +import com.sun.identity.idm.IdRepoException +import org.forgerock.oauth2.core.exceptions.InvalidRequestException +import org.forgerock.oauth2.core.UserInfoClaims +import org.forgerock.openidconnect.Claim + +/* +* Defined variables: +* logger - always presents, the "OAuth2Provider" debug logger instance +* claims - always present, default server provided claims - Map +* claimObjects - always present, default server provided claims - List +* session - present if the request contains the session cookie, the user's session object +* identity - always present, the identity of the resource owner +* scopes - always present, the requested scopes +* scriptName - always present, the display name of the script +* requestProperties - always present, contains a map of request properties: +* requestUri - the request URI +* realm - the realm that the request relates to +* requestParams - a map of the request params and/or posted data. Each value is a list of one or +* more properties. Please note that these should be handled in accordance with OWASP best practices. +* clientProperties - present if the client specified in the request was identified, contains a map of client +* properties: +* clientId - the client's Uri for the request locale +* allowedGrantTypes - list of the allowed grant types (org.forgerock.oauth2.core.GrantType) +* for the client +* allowedResponseTypes - list of the allowed response types for the client +* allowedScopes - list of the allowed scopes for the client +* customProperties - A map of the custom properties of the client. 
+* Lists or maps will be included as sub-maps, e.g: +* testMap[Key1]=Value1 will be returned as testmap -> Key1 -> Value1 +* requestedClaims - Map> +* always present, not empty if the request contains a claims parameter and server has enabled +* claims_parameter_supported, map of requested claims to possible values, otherwise empty, +* requested claims with no requested values will have a key but no value in the map. A key with +* a single value in its Set indicates this is the only value that should be returned. +* requestedTypedClaims - List +* always present, not empty if the request contains a claims parameter and server has enabled +* claims_parameter_supported, list of requested claims with claim name, requested possible values +* and if claim is essential, otherwise empty, +* requested claims with no requested values will have a claim with no values. A claims with +* a single value indicates this is the only value that should be returned. +* claimsLocales - the values from the 'claims_locales' parameter - List +* Required to return a Map of claims to be added to the id_token claims +* +* Expected return value structure: +* UserInfoClaims { +* Map values; // The values of the claims for the user information +* Map> compositeScopes; // Mapping of scope name to a list of claim names. +* } +*/ + +// user session not guaranteed to be present +boolean sessionPresent = session != null + +/* + * Pulls first value from users profile attribute + * + * @param claim The claim object. + * @param attr The profile attribute name. 
+ */ +def fromSet = { claim, attr -> + if (attr != null && attr.size() == 1){ + attr.iterator().next() + } else if (attr != null && attr.size() > 1){ + attr + } else if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Got an empty result for claim=$claim"); + } +} + +// ---vvvvvvvvvv--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---vvvvvvvvvv--- +/* + * Claim resolver which resolves the value of the claim from its requested values. + * + * This resolver will return a value if the claim has one requested values, otherwise an exception is thrown. + */ +defaultClaimResolver = { claim -> + if (claim.getValues().size() == 1) { + [(claim.getName()): claim.getValues().iterator().next()] + } else { + [:] + } +} + +/* + * Claim resolver which resolves the value of the claim by looking up the user's profile. + * + * This resolver will return a value for the claim if: + * # the user's profile attribute is not null + * # AND the claim contains no requested values + * # OR the claim contains requested values and the value from the user's profile is in the list of values + * + * If no match is found an exception is thrown. + */ +userProfileClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { + return [(claim.getName()): userProfileValue] + } + } + [:] +} + +/* + * Claim resolver which resolves the value of the claim of the user's address. 
+ * + * This resolver will return a value for the claim if: + * # the value of the address is not null + * + */ +userAddressClaimResolver = { claim, identity -> + if (identity != null) { + addressFormattedValue = fromSet(claim.getName(), identity.getAttribute("postaladdress")) + if (addressFormattedValue != null) { + return [ + "formatted" : addressFormattedValue + ] + } + } + [:] +} + +/* + * Claim resolver which resolves the value of the claim by looking up the user's profile. + * + * This resolver will return a value for the claim if: + * # the user's profile attribute is not null + * # AND the claim contains no requested values + * # OR the claim contains requested values and the value from the user's profile is in the list of values + * + * If the claim is essential and no value is found an InvalidRequestException will be thrown and returned to the user. + * If no match is found an exception is thrown. + */ +essentialClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (claim.isEssential() && (userProfileValue == null || userProfileValue.isEmpty())) { + throw new InvalidRequestException("Could not provide value for essential claim $claim") + } + if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { + return [(claim.getName()): userProfileValue] + } + } + return [:] +} + +/* + * Claim resolver which expects the user's profile attribute value to be in the following format: + * "language_tag|value_for_language,...". + * + * This resolver will take the list of requested languages from the 'claims_locales' authorize request + * parameter and attempt to match it to a value from the users' profile attribute. + * If no match is found an exception is thrown. 
+ */ +claimLocalesClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null) { + localeValues = parseLocaleAwareString(userProfileValue) + locale = claimsLocales.find { locale -> localeValues.containsKey(locale) } + if (locale != null) { + return [(claim.getName()): localeValues.get(locale)] + } + } + } + return [:] +} + +/* + * Claim resolver which expects the user's profile attribute value to be in the following format: + * "language_tag|value_for_language,...". + * + * This resolver will take the language tag specified in the claim object and attempt to match it to a value + * from the users' profile attribute. If no match is found an exception is thrown. + */ +languageTagClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null) { + localeValues = parseLocaleAwareString(userProfileValue) + if (claim.getLocale() != null) { + if (localeValues.containsKey(claim.getLocale())) { + return [(claim.getName()): localeValues.get(claim.getLocale())] + } else { + entry = localeValues.entrySet().iterator().next() + return [(claim.getName() + "#" + entry.getKey()): entry.getValue()] + } + } else { + entry = localeValues.entrySet().iterator().next() + return [(claim.getName()): entry.getValue()] + } + } + } + return [:] +} + +/* + * Given a string "en|English,jp|Japenese,fr_CA|French Canadian" will return map of locale -> value. + */ +parseLocaleAwareString = { s -> + return result = s.split(",").collectEntries { entry -> + split = entry.split("\\\\|") + [(split[0]): value = split[1]] + } +} +// ---^^^^^^^^^^--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---^^^^^^^^^^--- + +// -------------- UPDATE THIS TO CHANGE CLAIM TO ATTRIBUTE MAPPING FUNCTIONS --------------- +/* + * List of claim resolver mappings. 
+ */ +// [ {claim}: {attribute retriever}, ... ] +claimAttributes = [ + "email": userProfileClaimResolver.curry("mail"), + "address": { claim, identity -> [ "address" : userAddressClaimResolver(claim, identity) ] }, + "phone_number": userProfileClaimResolver.curry("telephonenumber"), + "given_name": userProfileClaimResolver.curry("givenname"), + "zoneinfo": userProfileClaimResolver.curry("preferredtimezone"), + "family_name": userProfileClaimResolver.curry("sn"), + "locale": userProfileClaimResolver.curry("preferredlocale"), + "name": userProfileClaimResolver.curry("cn") +] + + +// -------------- UPDATE THIS TO CHANGE SCOPE TO CLAIM MAPPINGS -------------- +/* + * Map of scopes to claim objects. + */ +// {scope}: [ {claim}, ... ] +scopeClaimsMap = [ + "email": [ "email" ], + "address": [ "address" ], + "phone": [ "phone_number" ], + "profile": [ "given_name", "zoneinfo", "family_name", "locale", "name" ] +] + + +// ---------------- UPDATE BELOW FOR ADVANCED USAGES ------------------- +if (logger.messageEnabled()) { + scopes.findAll { s -> !("openid".equals(s) || scopeClaimsMap.containsKey(s)) }.each { s -> + logger.message("OpenAMScopeValidator.getUserInfo()::Message: scope not bound to claims: $s") + } +} + +/* + * Computes the claims return key and value. The key may be a different value if the claim value is not in + * the requested language. + */ +def computeClaim = { claim -> + try { + claimResolver = claimAttributes.get(claim.getName(), { claimObj, identity -> defaultClaimResolver(claim)}) + claimResolver(claim, identity) + } catch (IdRepoException e) { + if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); + } + } catch (SSOException e) { + if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); + } + } +} + +/* + * Converts requested scopes into claim objects based on the scope mappings in scopeClaimsMap. 
+ */ +def convertScopeToClaims = { + scopes.findAll { scope -> "openid" != scope && scopeClaimsMap.containsKey(scope) }.collectMany { scope -> + scopeClaimsMap.get(scope).collect { claim -> + new Claim(claim) + } + } +} + +// Creates a full list of claims to resolve from requested scopes, claims provided by AS and requested claims +def claimsToResolve = convertScopeToClaims() + claimObjects + requestedTypedClaims + +// Computes the claim return key and values for all requested claims +computedClaims = claimsToResolve.collectEntries() { claim -> + result = computeClaim(claim) +} + +// Computes composite scopes +def compositeScopes = scopeClaimsMap.findAll { scope -> + scopes.contains(scope.key) +} + +return new UserInfoClaims((Map)computedClaims, (Map)compositeScopes) +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Legacy.script.json 1`] = ` +{ + "script": { + "1817cc25-fc84-4053-8f91-4ef130616e25": { + "_id": "1817cc25-fc84-4053-8f91-4ef130616e25", + "context": "OIDC_CLAIMS", + "default": false, + "description": "null", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "name": "Legacy", + "script": "file://Legacy.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string 
arrays: exportAllTestDir8/realm/root/script/Library-Script.script.js 1`] = ` +"/* + * Copyright 2022-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This is an example library script with methods that can be used in other scripts. + * To reference it, use the following: + * + * var library = require("Library Script"); + * + * library.logError(logger, "Error message"); + * library.logDebug(logger, "Debug message"); + */ + +function logError(log, errorMessage) { + log.error(errorMessage); +} + +function logWarning(log, warningMessage) { + log.warn(warningMessage); +} + +exports.logError = logError; +exports.logWarning = logWarning; + +// Alternatively, exports can be declared using an inline arrow function + +exports.logInfo = (log, infoMessage) => log.info(infoMessage); +exports.logDebug = (log, debugMessage) => log.debug(debugMessage); +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Library-Script.script.json 1`] = ` +{ + "script": { + "6c49bebe-3a62-11ed-a261-0242ac120002": { + "_id": "6c49bebe-3a62-11ed-a261-0242ac120002", + "context": "LIBRARY", + "default": true, + "description": "Default global library script to be referenced from other scripts", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", + }, + { + "arity": 2, + "id": "logWarning", + "type": "Function", + }, + { + "arity": 2, 
+ "id": "logInfo", + "type": "Function", + }, + { + "arity": 2, + "id": "logDebug", + "type": "Function", + }, + ], + "language": "JAVASCRIPT", + "name": "Library Script", + "script": "file://Library-Script.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/LinkedIn-Profile-Normalization.script.groovy 1`] = ` +"/* + * Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. 
+ */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +return json(object( + field("id", rawProfile.id), + field("givenName", rawProfile.firstName.localized.get(0)), + field("familyName", rawProfile.lastName.localized.get(0)), + field("photoUrl", rawProfile.profilePicture.displayImage), + field("email", rawProfile.elements.get(0).get("handle~").emailAddress), + field("username", rawProfile.elements.get(0).get("handle~").emailAddress))) +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/LinkedIn-Profile-Normalization.script.json 1`] = ` +{ + "script": { + "8862ca8f-7770-4af5-a888-ac0df0947f36": { + "_id": "8862ca8f-7770-4af5-a888-ac0df0947f36", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Normalizes raw profile data from LinkedIn", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "LinkedIn Profile Normalization", + "script": "file://LinkedIn-Profile-Normalization.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Microsoft-Profile-Normalization.script.groovy 1`] = ` +"/* + * 
Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +return json(object( + field("id", rawProfile.id), + field("displayName", rawProfile.displayName), + field("givenName", rawProfile.givenName), + field("familyName", rawProfile.surname), + field("email", rawProfile.userPrincipalName), + field("username", rawProfile.userPrincipalName))) +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Microsoft-Profile-Normalization.script.json 1`] = ` +{ + "script": { + "73cecbfc-dad0-4395-be6a-6858ee3a80e5": { + "_id": "73cecbfc-dad0-4395-be6a-6858ee3a80e5", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Normalizes raw profile data from Microsoft", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "Microsoft Profile Normalization", + "script": "file://Microsoft-Profile-Normalization.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, 
no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/NextGeneration.script.js 1`] = ` +"/* + * Copyright 2022-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This is an example library script with methods that can be used in other scripts. + * To reference it, use the following: + * + * var library = require("Library Script"); + * + * library.logError(logger, "Error message"); + * library.logDebug(logger, "Debug message"); + */ + +function logError(log, errorMessage) { + log.error(errorMessage); +} + +function logWarning(log, warningMessage) { + log.warn(warningMessage); +} + +exports.logError = logError; +exports.logWarning = logWarning; + +// Alternatively, exports can be declared using an inline arrow function + +exports.logInfo = (log, infoMessage) => log.info(infoMessage); +exports.logDebug = (log, debugMessage) => log.debug(debugMessage); +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/NextGeneration.script.json 1`] = ` +{ + "script": { + "31bd2ae6-c929-4547-b636-84b874715d60": { + "_id": "31bd2ae6-c929-4547-b636-84b874715d60", + "context": "LIBRARY", + "default": false, + "description": "null", + "evaluatorVersion": "2.0", + "exports": [ + { + "arity": 2, + "id": "logError", + "type": "Function", + }, + { + "arity": 2, + "id": "logWarning", + "type": "Function", + }, + { + "arity": 2, 
+ "id": "logInfo", + "type": "Function", + }, + { + "arity": 2, + "id": "logDebug", + "type": "Function", + }, + ], + "language": "JAVASCRIPT", + "name": "NextGeneration", + "script": "file://NextGeneration.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Normalized-Profile-to-Identity.script.groovy 1`] = ` +"/* + * Copyright 2021 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. 
+ */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +import org.forgerock.json.JsonValue + +JsonValue identity = json(object( + field("givenName", normalizedProfile.givenName), + field("sn", normalizedProfile.familyName), + field("mail", normalizedProfile.email), + field("cn", normalizedProfile.displayName), + field("userName", normalizedProfile.username), + field("iplanet-am-user-alias-list", selectedIdp + '-' + normalizedProfile.id.asString()))) + +return identity +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Normalized-Profile-to-Identity.script.json 1`] = ` +{ + "script": { + "ed685f9f-5909-4726-86e8-22bd38b47663": { + "_id": "ed685f9f-5909-4726-86e8-22bd38b47663", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Converts a normalized social profile into an Identity", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "Normalized Profile to Identity", + "script": "file://Normalized-Profile-to-Identity.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: 
exportAllTestDir8/realm/root/script/Normalized-Profile-to-Managed-User.script.groovy 1`] = ` +"/* + * Copyright 2020-2022 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import static org.forgerock.json.JsonValue.field +import static org.forgerock.json.JsonValue.json +import static org.forgerock.json.JsonValue.object + +import org.forgerock.json.JsonValue + +JsonValue managedUser = json(object( + field("givenName", normalizedProfile.givenName), + field("sn", normalizedProfile.familyName), + field("mail", normalizedProfile.email), + field("userName", normalizedProfile.username))) + +if (normalizedProfile.postalAddress.isNotNull()) managedUser.put("postalAddress", normalizedProfile.postalAddress) +if (normalizedProfile.addressLocality.isNotNull()) managedUser.put("city", normalizedProfile.addressLocality) +if (normalizedProfile.addressRegion.isNotNull()) managedUser.put("stateProvince", normalizedProfile.addressRegion) +if (normalizedProfile.postalCode.isNotNull()) managedUser.put("postalCode", normalizedProfile.postalCode) +if (normalizedProfile.country.isNotNull()) managedUser.put("country", normalizedProfile.country) +if (normalizedProfile.phone.isNotNull()) managedUser.put("telephoneNumber", normalizedProfile.phone) + +// if the givenName and familyName is null or empty +// then add a boolean flag to the shared state to indicate names are not present +// this could be used elsewhere +// for eg. 
this could be used in a scripted decision node to by-pass patching +// the user object with blank values when givenName and familyName is not present +boolean noGivenName = normalizedProfile.givenName.isNull() || (!normalizedProfile.givenName.asString()?.trim()) +boolean noFamilyName = normalizedProfile.familyName.isNull() || (!normalizedProfile.familyName.asString()?.trim()) +sharedState.put("nameEmptyOrNull", noGivenName && noFamilyName) + + +return managedUser +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/Normalized-Profile-to-Managed-User.script.json 1`] = ` +{ + "script": { + "58c824ae-84ed-4724-82cd-db128fc3f6c": { + "_id": "58c824ae-84ed-4724-82cd-db128fc3f6c", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "default": true, + "description": "Converts a normalized social profile into a managed user", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "Normalized Profile to Managed User", + "script": "file://Normalized-Profile-to-Managed-User.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-Access-Token-Modification-Script.script.groovy 1`] = ` +"/* + * Copyright 2019-2020 ForgeRock AS. 
All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +import org.forgerock.http.protocol.Request +import org.forgerock.http.protocol.Response + +import com.iplanet.sso.SSOException + +import groovy.json.JsonSlurper + +/** + * Defined variables: + * accessToken - The access token to be updated. Mutable object, all changes to the access token will be reflected. + * httpClient - always present, the HTTP client that can be used to make external HTTP requests + * identity - always present, the identity of the resource owner + * logger - always present, corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION. + * scopes - always present, the requested scopes + * session - present if the request contains the session cookie, the user's session object + * scriptName - always present, the display name of the script + * requestProperties - always present, contains a map of request properties: + * requestUri - the request URI + * realm - the realm that the request relates to + * requestParams - a map of the request params and/or posted data. Each value is a list of one or + * more properties. Please note that these should be handled in accordance with OWASP best + * practices. + * clientProperties - present if the client specified in the request was identified, contains a map of client + * properties: + * clientId - the client's Uri for the request locale + * allowedGrantTypes - list of the allowed grant types (org.forgerock.oauth2.core.GrantType) + * for the client + * allowedResponseTypes - list of the allowed response types for the client + * allowedScopes - list of the allowed scopes for the client + * customProperties - A map of the custom properties of the client. 
+ * Lists or maps will be included as sub-maps, e.g: + * testMap[Key1]=Value1 will be returned as testmap -> Key1 -> Value1 + * + * No return value - changes shall be made to the accessToken parameter directly. + * + * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens, and similarly the size of + * the JWTs if client based OAuth2 tokens are utilised. + * When adding/updating fields make sure that the token size remains within client/user-agent limits. + */ + +/* +//Field to always include in token +accessToken.setField("hello", "world") + +//Obtain additional values by performing a REST call to an external service +try { + Response response = httpClient.send(new Request() + .setUri("https://third.party.app/hello.jsp") + .setMethod("POST") + .modifyHeaders({ headers -> headers.put("Content-Type", "application/json;charset=UTF-8") }) +// .setEntity('foo=bar&hello=world')) + .setEntity([foo: 'bar'])) + .getOrThrow() + if (response.status.successful) { + def result = new JsonSlurper().parseText(response.entity.string) + accessToken.setFields(result.get("updatedFields")) + } else { + logger.error("Unable to obtain access token modifications: {}, {}", response.status, response.entity.toString()) + } +} catch (InterruptedException ex) { + logger.error("The request processing was interrupted", ex) + Thread.currentThread().interrupt() + //The access token request will fail with HTTP 500 error in this case. 
+ throw new RuntimeException("Unable to obtain response from ") +} + +//Add new fields containing identity attribute values +def attributes = identity.getAttributes(["mail", "telephoneNumber"].toSet()) +accessToken.setField("mail", attributes["mail"]) +accessToken.setField("phone", attributes["telephoneNumber"]) + +//Add new fields containing session property values +if (session != null) { // session is not available for resource owner password credentials grant + try { + accessToken.setField("ipAddress", session.getProperty("Host")) + } catch (SSOException ex) { + logger.error("Unable to retrieve session property value", ex) + } +} + +// Remove a native field from the token entry, that was set by AM. For complete list of remove* methods see the JavaDoc +// for org.forgerock.oauth2.core.AccessToken class. +accessToken.removeTokenName() +*/ +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-Access-Token-Modification-Script.script.json 1`] = ` +{ + "script": { + "d22f9a0c-426a-4466-b95e-d0f125b0d5fa": { + "_id": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "default": true, + "description": "Default global script for OAuth2 Access Token Modification", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "OAuth2 Access Token Modification Script", + "script": "file://OAuth2-Access-Token-Modification-Script.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays 
--no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-Authorize-Endpoint-Data-Provider-Script.script.js 1`] = ` +"/* + * Copyright 2021-2023 ForgeRock AS. All Rights Reserved + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This script lets you return additional data when authorize request is called. + * + * Defined variables: + * + * session - SSOToken (1) + * Present if the request contains the session cookie, the user's session object. + * + * httpClient - HTTP Client (2). + * Always present, the HTTP client that can be used to make external HTTP requests + * + * logger - Debug (3) + * Always present, the "ScriptedAuthorizeEndpointDataProvider" debug logger instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * Corresponding log files will be prefixed with: scripts.OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER. + * + * scriptName - String (primitive). + * Always present, the display name of the script + * + * Return - a Map of additional data (4). + * + * Class reference: + * (1) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. + * (2) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. + * (3) Debug - https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * (4) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html. 
+ */ + +/** + * Default authorize endpoint data provider script to use as a template for new scripts. + */ + +/* EXAMPLE +var map = new java.util.HashMap(); + +function addAdditionalData() { + + //If constant data needs to be returned + map.put("hello", "world"); + + //If some data needs to be returned from third party service + addAdditionalDataFromExternalService(); + + //If there is a need to return some user session data + addAdditionalDataFromSessionProperties() + + return map; +}; + +function addAdditionalDataFromExternalService() { + var frJava = JavaImporter( + org.forgerock.oauth2.core.exceptions.ServerException + ); + try { + //Obtain additional data by performing a REST call to an external service + var request = new org.forgerock.http.protocol.Request(); + request.setUri("https://third.party.app/hello.jsp"); + request.setMethod("POST"); + //request.setEntity("foo=bar&hello=world"); + request.setEntity(json(object( + field("foo", "bar")))); + var response = httpClient.send(request).getOrThrow(); + logResponse(response); + var result = JSON.parse(response.getEntity().getString()); + map.put("someKey",result.get("someKey")); + } catch (err) { + throw new frJava.ServerException(err); + } +}; + +function addAdditionalDataFromSessionProperties() { + //Add additional data from session property values + if (session != null) { // session is not available for resource owner password credentials grant + map.put("ipAddress", session.getProperty("Host")) + } +}; + +function logResponse(response) { + logger.message("User REST Call. 
Status: " + response.getStatus() + ", Body: " + response.getEntity().getString()); +}; + +addAdditionalData(); +*/ +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-Authorize-Endpoint-Data-Provider-Script.script.json 1`] = ` +{ + "script": { + "3f93ef6e-e54a-4393-aba1-f322656db28a": { + "_id": "3f93ef6e-e54a-4393-aba1-f322656db28a", + "context": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", + "default": true, + "description": "Default global script for OAuth2 Authorize Endpoint Data Provider", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "name": "OAuth2 Authorize Endpoint Data Provider Script", + "script": "file://OAuth2-Authorize-Endpoint-Data-Provider-Script.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-Evaluate-Scope-Script.script.js 1`] = ` +"/* + * Copyright 2021 ForgeRock AS. All Rights Reserved + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. 
+ */ + +/* + * This script lets you populate the scopes with profile attribute values when the tokeninfo endpoint is called. + * For example, if one of the scopes is mail, AM sets mail to the resource owner's email address in the token information returned. + * + * Defined variables: + * accessToken - AccessToken (1). + * The access token to be updated. + * Mutable object, all changes to the access token will be reflected. + * identity - AMIdentity (2). + * The client's identity if present or the resource owner's identity. Can be null. + * scriptName - String (primitive). + * Always present, the display name of the script. + * logger - Always present, the debug logger instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * Corresponding log files will be prefixed with: scripts.OAUTH2_EVALUATE_SCOPE + * httpClient - HTTP Client (3). + * Always present, the HTTP Client instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. + * + * Return - a Map of the access token's information (4). + * + * Class reference: + * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html. + * (2) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. + * (3) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. + * (4) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html. + */ + +/** + * Default evaluate scope script to use as a template for new scripts. 
+ */ + +(function () { + var map = new java.util.HashMap(); + if (identity !== null) { + var scopes = accessToken.getScope().toArray(); + scopes.forEach(function (scope) { + var attributes = identity.getAttribute(scope).toArray(); + map.put(scope, attributes.join(",")); + }); + } else { + logger.error('identity is null'); + } + return map; +}()); +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-Evaluate-Scope-Script.script.json 1`] = ` +{ + "script": { + "da56fe60-8b38-4c46-a405-d6b306d4b336": { + "_id": "da56fe60-8b38-4c46-a405-d6b306d4b336", + "context": "OAUTH2_EVALUATE_SCOPE", + "default": true, + "description": "Default global script for OAuth2 Scope Evaluation", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "name": "OAuth2 Evaluate Scope Script", + "script": "file://OAuth2-Evaluate-Scope-Script.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-JWT-Issuer-Script.script.js 1`] = ` +"/* + * Copyright 2022 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. 
All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This script lets you to derive the configuration for a dynamic JWT issuer from the issuer string. + * A JWT issuer is made up of the following: + * - issuer - the identifier of the entity that issues JWTs + * - resource owner subject claim - the name of the claim in the JWT that identifies the resource owner + * - consented scope claim - the name of the claim in the JWT that represents scope that the resource owner + * has already consented to externally + * - authorized subjects - the set of principal identifiers that are authorized to be used as resource owners + * by the issuer + * - JWKs - either a set of JWKs or connection details for obtaining that set, that are the public keys that + * can verify the signature on the issued JWTs. + * + * Defined variables: + * issuer - String + * The issuer from the bearer JWT. + * realm - String + * The path of the realm that is handling the request. + * scriptName - String. + * Always present, the display name of the script. + * logger - Always present, the script debug logger instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * Corresponding log files will be prefixed with: scripts.OAUTH2_SCRIPTED_JWT_ISSUER. + * httpClient - HTTP Client (1). + * Always present, the HTTP Client instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. + * idRepository - Identity Repository (2). Always present. + * secrets - Secrets accessor (3). Always present. + * + * Return - org.forgerock.oauth2.core.TrustedJwtIssuerConfig (4) - the configuration of the trusted JWT issuer. + * + * Class reference: + * (1) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. 
+ * (2) ScriptedIdentityRepository - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openam/scripting/api/identity/ScriptedIdentityRepository.html. + * (3) ScriptedSecrets - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openam/scripting/api/secrets/ScriptedSecrets.html. + * (4) TrustedJwtIssuerConfig - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/TrustedJwtIssuerConfig.html. + */ + +/* EXAMPLE +(function () { + var frJava = JavaImporter( + org.forgerock.oauth2.core.TrustedJwtIssuerConfig, + java.util.Collections + ); + + var iss = idRepository.getIdentity(issuer); + if (iss == null) { + logger.message('No issuer found for: '+issuer); + return null; + } + logger.message('Found issuer: '+iss); + // in this example either a JWK set or a URI to a JWK set are in the postalAddress attribute + var jwksAttrs = iss.getAttributeValues('postalAddress'); + var jwkSet = jwksAttrs.length === 0 ? null : jwksAttrs[0]; + var config = new frJava.TrustedJwtIssuerConfig( + issuer, + 'sub', + 'scope', + // in this example, valid subjects are stored in the mail attribute + iss.getAttributeValues('mail'), + jwkSet.startsWith('{') ? jwkSet : null, + jwkSet.startsWith('http') ? 
jwkSet : null, + '5 minutes', + '1 minute' + ); + return config; +}()); +*/ +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-JWT-Issuer-Script.script.json 1`] = ` +{ + "script": { + "400e48ba-3f13-4144-ac7b-f824ea8e98c5": { + "_id": "400e48ba-3f13-4144-ac7b-f824ea8e98c5", + "context": "OAUTH2_SCRIPTED_JWT_ISSUER", + "default": true, + "description": "Default global script for scripted JWT Issuers", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "name": "OAuth2 JWT Issuer Script", + "script": "file://OAuth2-JWT-Issuer-Script.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-May-Act-Script.script.groovy 1`] = ` +"/* + * Copyright 2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/** + * Defined variables: + * token - The access token to be updated. Mutable object, all changes to the access token will be reflected. 
+ * logger - always present, corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION. + * scriptName - always present, the display name of the script + * session - present if the request contains the session cookie, the user's session object + * requestProperties - always present, contains a map of request properties: + * requestUri - the request URI + * realm - the realm that the request relates to + * requestParams - a map of the request params and/or posted data. Each value is a list of one or + * more properties. Please note that these should be handled in accordance with OWASP best + * practices. + * clientProperties - present if the client specified in the request was identified, contains a map of client + * properties: + * clientId - the client's Uri for the request locale + * allowedGrantTypes - list of the allowed grant types (org.forgerock.oauth2.core.GrantType) + * for the client + * allowedResponseTypes - list of the allowed response types for the client + * allowedScopes - list of the allowed scopes for the client + * customProperties - A map of the custom properties of the client. 
+ * Lists or maps will be included as sub-maps, e.g: + * testMap[Key1]=Value1 will be returned as testmap -> Key1 -> Value1 + * + * identity - always present, the identity of the resource owner + * scopes - always present, the requested scopes + */ +/* +import org.forgerock.json.JsonValue + +token.setMayAct( + JsonValue.json(JsonValue.object( + JsonValue.field("client_id", "myClient"), + JsonValue.field("sub", "(usr!myActor)")))) +*/ +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-May-Act-Script.script.json 1`] = ` +{ + "script": { + "c735de08-f8f2-4e69-aa4a-2d8d3d438323": { + "_id": "c735de08-f8f2-4e69-aa4a-2d8d3d438323", + "context": "OAUTH2_MAY_ACT", + "default": true, + "description": "Default global script for OAuth2 May Act", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "OAuth2 May Act Script", + "script": "file://OAuth2-May-Act-Script.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-Validate-Scope-Script.script.js 1`] = ` +"/* + * Copyright 2021 ForgeRock AS. All Rights Reserved + * Use of this code requires a commercial software license with ForgeRock AS. 
+ * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This script validates the requested scopes against the allowed scopes. + * If no scopes are requested, default scopes are assumed. + * The script has four top level functions that could be executed during the different OAuth2 flows: + * - validateAuthorizationScope + * - validateAccessTokenScope + * - validateRefreshTokenScope + * - validateBackChannelAuthorizationScope + * + * Defined variables: + * requestedScopes - Set (1). + * The set of requested scopes. + * defaultScopes - Set (1). + * The set of default scopes. + * allowedScopes - Set (1). + * The set of allowed scopes. + * scriptName - String (primitive). + * Always present, the display name of the script. + * logger - Always present, the debug logger instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * Corresponding log files will be prefixed with: scripts.OAUTH2_VALIDATE_SCOPE + * httpClient - HTTP Client (2). + * Always present, the HTTP Client instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. + * + * Throws InvalidScopeException: + * - if there are no scopes requested and default scopes are empty + * - if a requested scope is not allowed + * + * Return - a Set of validated scopes (1). + * + * Class reference: + * (1) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. + * (2) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. + */ + +/** + * Default validate scope script. 
+ */ +function validateScopes () { + var frJava = JavaImporter( + org.forgerock.oauth2.core.exceptions.InvalidScopeException + ); + + var scopes; + if (requestedScopes == null || requestedScopes.isEmpty()) { + scopes = defaultScopes; + } else { + scopes = new java.util.HashSet(allowedScopes); + scopes.retainAll(requestedScopes); + if (requestedScopes.size() > scopes.size()) { + var invalidScopes = new java.util.HashSet(requestedScopes); + invalidScopes.removeAll(allowedScopes); + throw new frJava.InvalidScopeException('Unknown/invalid scope(s)'); + } + } + + if (scopes == null || scopes.isEmpty()) { + throw new frJava.InvalidScopeException('No scope requested and no default scope configured'); + } + return scopes; +} + +function validateAuthorizationScope () { + return validateScopes(); +} + +function validateAccessTokenScope () { + return validateScopes(); +} + +function validateRefreshTokenScope () { + return validateScopes(); +} + +function validateBackChannelAuthorizationScope () { + return validateScopes(); +} +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OAuth2-Validate-Scope-Script.script.json 1`] = ` +{ + "script": { + "25e6c06d-cf70-473b-bd28-26931edc476b": { + "_id": "25e6c06d-cf70-473b-bd28-26931edc476b", + "context": "OAUTH2_VALIDATE_SCOPE", + "default": true, + "description": "Default global script for OAuth2 Scope Validation", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "name": "OAuth2 Validate Scope Script", + "script": "file://OAuth2-Validate-Scope-Script.script.js", + }, + }, +} +`; + +exports[`frodo config export "frodo 
config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OIDC-Claims-Script.script.groovy 1`] = ` +"/* + * Copyright 2014-2020 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ +import com.iplanet.sso.SSOException +import com.sun.identity.idm.IdRepoException +import org.forgerock.oauth2.core.exceptions.InvalidRequestException +import org.forgerock.oauth2.core.UserInfoClaims +import org.forgerock.openidconnect.Claim + +/* +* Defined variables: +* logger - always presents, the "OAuth2Provider" debug logger instance +* claims - always present, default server provided claims - Map +* claimObjects - always present, default server provided claims - List +* session - present if the request contains the session cookie, the user's session object +* identity - always present, the identity of the resource owner +* scopes - always present, the requested scopes +* scriptName - always present, the display name of the script +* requestProperties - always present, contains a map of request properties: +* requestUri - the request URI +* realm - the realm that the request relates to +* requestParams - a map of the request params and/or posted data. Each value is a list of one or +* more properties. Please note that these should be handled in accordance with OWASP best practices. 
+* clientProperties - present if the client specified in the request was identified, contains a map of client +* properties: +* clientId - the client's Uri for the request locale +* allowedGrantTypes - list of the allowed grant types (org.forgerock.oauth2.core.GrantType) +* for the client +* allowedResponseTypes - list of the allowed response types for the client +* allowedScopes - list of the allowed scopes for the client +* customProperties - A map of the custom properties of the client. +* Lists or maps will be included as sub-maps, e.g: +* testMap[Key1]=Value1 will be returned as testmap -> Key1 -> Value1 +* requestedClaims - Map> +* always present, not empty if the request contains a claims parameter and server has enabled +* claims_parameter_supported, map of requested claims to possible values, otherwise empty, +* requested claims with no requested values will have a key but no value in the map. A key with +* a single value in its Set indicates this is the only value that should be returned. +* requestedTypedClaims - List +* always present, not empty if the request contains a claims parameter and server has enabled +* claims_parameter_supported, list of requested claims with claim name, requested possible values +* and if claim is essential, otherwise empty, +* requested claims with no requested values will have a claim with no values. A claims with +* a single value indicates this is the only value that should be returned. +* claimsLocales - the values from the 'claims_locales' parameter - List +* Required to return a Map of claims to be added to the id_token claims +* +* Expected return value structure: +* UserInfoClaims { +* Map values; // The values of the claims for the user information +* Map> compositeScopes; // Mapping of scope name to a list of claim names. +* } +*/ + +// user session not guaranteed to be present +boolean sessionPresent = session != null + +/* + * Pulls first value from users profile attribute + * + * @param claim The claim object. 
+ * @param attr The profile attribute name. + */ +def fromSet = { claim, attr -> + if (attr != null && attr.size() == 1){ + attr.iterator().next() + } else if (attr != null && attr.size() > 1){ + attr + } else if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Got an empty result for claim=$claim"); + } +} + +// ---vvvvvvvvvv--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---vvvvvvvvvv--- +/* + * Claim resolver which resolves the value of the claim from its requested values. + * + * This resolver will return a value if the claim has one requested values, otherwise an exception is thrown. + */ +defaultClaimResolver = { claim -> + if (claim.getValues().size() == 1) { + [(claim.getName()): claim.getValues().iterator().next()] + } else { + [:] + } +} + +/* + * Claim resolver which resolves the value of the claim by looking up the user's profile. + * + * This resolver will return a value for the claim if: + * # the user's profile attribute is not null + * # AND the claim contains no requested values + * # OR the claim contains requested values and the value from the user's profile is in the list of values + * + * If no match is found an exception is thrown. + */ +userProfileClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { + return [(claim.getName()): userProfileValue] + } + } + [:] +} + +/* + * Claim resolver which resolves the value of the claim of the user's address. 
+ * + * This resolver will return a value for the claim if: + * # the value of the address is not null + * + */ +userAddressClaimResolver = { claim, identity -> + if (identity != null) { + addressFormattedValue = fromSet(claim.getName(), identity.getAttribute("postaladdress")) + if (addressFormattedValue != null) { + return [ + "formatted" : addressFormattedValue + ] + } + } + [:] +} + +/* + * Claim resolver which resolves the value of the claim by looking up the user's profile. + * + * This resolver will return a value for the claim if: + * # the user's profile attribute is not null + * # AND the claim contains no requested values + * # OR the claim contains requested values and the value from the user's profile is in the list of values + * + * If the claim is essential and no value is found an InvalidRequestException will be thrown and returned to the user. + * If no match is found an exception is thrown. + */ +essentialClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (claim.isEssential() && (userProfileValue == null || userProfileValue.isEmpty())) { + throw new InvalidRequestException("Could not provide value for essential claim $claim") + } + if (userProfileValue != null && (claim.getValues() == null || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue))) { + return [(claim.getName()): userProfileValue] + } + } + return [:] +} + +/* + * Claim resolver which expects the user's profile attribute value to be in the following format: + * "language_tag|value_for_language,...". + * + * This resolver will take the list of requested languages from the 'claims_locales' authorize request + * parameter and attempt to match it to a value from the users' profile attribute. + * If no match is found an exception is thrown. 
+ */ +claimLocalesClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null) { + localeValues = parseLocaleAwareString(userProfileValue) + locale = claimsLocales.find { locale -> localeValues.containsKey(locale) } + if (locale != null) { + return [(claim.getName()): localeValues.get(locale)] + } + } + } + return [:] +} + +/* + * Claim resolver which expects the user's profile attribute value to be in the following format: + * "language_tag|value_for_language,...". + * + * This resolver will take the language tag specified in the claim object and attempt to match it to a value + * from the users' profile attribute. If no match is found an exception is thrown. + */ +languageTagClaimResolver = { attribute, claim, identity -> + if (identity != null) { + userProfileValue = fromSet(claim.getName(), identity.getAttribute(attribute)) + if (userProfileValue != null) { + localeValues = parseLocaleAwareString(userProfileValue) + if (claim.getLocale() != null) { + if (localeValues.containsKey(claim.getLocale())) { + return [(claim.getName()): localeValues.get(claim.getLocale())] + } else { + entry = localeValues.entrySet().iterator().next() + return [(claim.getName() + "#" + entry.getKey()): entry.getValue()] + } + } else { + entry = localeValues.entrySet().iterator().next() + return [(claim.getName()): entry.getValue()] + } + } + } + return [:] +} + +/* + * Given a string "en|English,jp|Japenese,fr_CA|French Canadian" will return map of locale -> value. + */ +parseLocaleAwareString = { s -> + return result = s.split(",").collectEntries { entry -> + split = entry.split("\\\\|") + [(split[0]): value = split[1]] + } +} +// ---^^^^^^^^^^--- EXAMPLE CLAIM ATTRIBUTE RESOLVER FUNCTIONS ---^^^^^^^^^^--- + +// -------------- UPDATE THIS TO CHANGE CLAIM TO ATTRIBUTE MAPPING FUNCTIONS --------------- +/* + * List of claim resolver mappings. 
+ */ +// [ {claim}: {attribute retriever}, ... ] +claimAttributes = [ + "email": userProfileClaimResolver.curry("mail"), + "address": { claim, identity -> [ "address" : userAddressClaimResolver(claim, identity) ] }, + "phone_number": userProfileClaimResolver.curry("telephonenumber"), + "given_name": userProfileClaimResolver.curry("givenname"), + "zoneinfo": userProfileClaimResolver.curry("preferredtimezone"), + "family_name": userProfileClaimResolver.curry("sn"), + "locale": userProfileClaimResolver.curry("preferredlocale"), + "name": userProfileClaimResolver.curry("cn") +] + + +// -------------- UPDATE THIS TO CHANGE SCOPE TO CLAIM MAPPINGS -------------- +/* + * Map of scopes to claim objects. + */ +// {scope}: [ {claim}, ... ] +scopeClaimsMap = [ + "email": [ "email" ], + "address": [ "address" ], + "phone": [ "phone_number" ], + "profile": [ "given_name", "zoneinfo", "family_name", "locale", "name" ] +] + + +// ---------------- UPDATE BELOW FOR ADVANCED USAGES ------------------- +if (logger.messageEnabled()) { + scopes.findAll { s -> !("openid".equals(s) || scopeClaimsMap.containsKey(s)) }.each { s -> + logger.message("OpenAMScopeValidator.getUserInfo()::Message: scope not bound to claims: $s") + } +} + +/* + * Computes the claims return key and value. The key may be a different value if the claim value is not in + * the requested language. + */ +def computeClaim = { claim -> + try { + claimResolver = claimAttributes.get(claim.getName(), { claimObj, identity -> defaultClaimResolver(claim)}) + claimResolver(claim, identity) + } catch (IdRepoException e) { + if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); + } + } catch (SSOException e) { + if (logger.warningEnabled()) { + logger.warning("OpenAMScopeValidator.getUserInfo(): Unable to retrieve attribute=$attribute", e); + } + } +} + +/* + * Converts requested scopes into claim objects based on the scope mappings in scopeClaimsMap. 
+ */ +def convertScopeToClaims = { + scopes.findAll { scope -> "openid" != scope && scopeClaimsMap.containsKey(scope) }.collectMany { scope -> + scopeClaimsMap.get(scope).collect { claim -> + new Claim(claim) + } + } +} + +// Creates a full list of claims to resolve from requested scopes, claims provided by AS and requested claims +def claimsToResolve = convertScopeToClaims() + claimObjects + requestedTypedClaims + +// Computes the claim return key and values for all requested claims +computedClaims = claimsToResolve.collectEntries() { claim -> + result = computeClaim(claim) +} + +// Computes composite scopes +def compositeScopes = scopeClaimsMap.findAll { scope -> + scopes.contains(scope.key) +} + +return new UserInfoClaims((Map)computedClaims, (Map)compositeScopes) +" +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/OIDC-Claims-Script.script.json 1`] = ` +{ + "script": { + "36863ffb-40ec-48b9-94b1-9a99f71cc3b5": { + "_id": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "context": "OIDC_CLAIMS", + "default": true, + "description": "Default global script for OIDC claims", + "evaluatorVersion": "1.0", + "language": "GROOVY", + "name": "OIDC Claims Script", + "script": "file://OIDC-Claims-Script.script.groovy", + }, + }, +} +`; + +exports[`frodo config export "frodo config export --all-separate --no-metadata --default --directory exportAllTestDir8 --include-active-values --use-string-arrays --no-decode --no-coords --type classic": should export everything, including default scripts, into separate files in the directory exportAllTestDir8 with scripts, no decoding 
variables, no journey coordinates, separate mappings, and using string arrays: exportAllTestDir8/realm/root/script/SAML2-IDP-Adapter-Script.script.js 1`] = ` +"/* + * Copyright 2021-2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * The script has these top level functions that could be executed during a SAML2 flow. + * - preSingleSignOn + * - preAuthentication + * - preSendResponse + * - preSignResponse + * - preSendFailureResponse + * + * Please see the javadoc for the interface definition and more information about these methods. + * https://backstage.forgerock.com/docs/am/7.3/_attachments/apidocs/com/sun/identity/saml2/plugins/SAML2IdentityProviderAdapter.html + * Note that the initialize method is not supported in the scripts. + * + * Defined variables. Check the documentation on the respective functions for the variables available to it. + * + * hostedEntityId - String + * Entity ID for the hosted IDP + * realm - String + * Realm of the hosted IDP + * idpAdapterScriptHelper - IdpAdapterScriptHelper (1) + * An instance of IdpAdapterScriptHelper containing helper methods. See Javadoc for more details. + * request - HttpServletRequest (2) + * Servlet request object + * response - HttpServletResponse (3) + * Servlet response object + * authnRequest - AuthnRequest (4) + * The original authentication request sent from SP + * reqId - String + * The id to use for continuation of processing if the adapter redirects + * res - Response (5) + * The SAML Response + * session - SSOToken (6) + * The single sign-on session. The reference type of this is Object and would need to be casted to SSOToken. 
+ * relayState - String + * The relayState that will be used in the redirect + * faultCode - String + * the fault code that will be returned in the SAML response + * faultDetail - String + * the fault detail that will be returned in the SAML response + * logger - Logger instance + * https://backstage.forgerock.com/docs/am/7.3/scripting-guide/scripting-api-global-logger.html. + * Corresponding log files will be prefixed with: scripts.