Ping Identity PingAuthorize Server - Directory REST API HTTP Servlet Extension

PingAuthorize Server Documentation Index
Configuration Reference Home

Directory REST API HTTP Servlet Extension

The Directory REST API HTTP Servlet Extension provides a general-purpose REST API for directory data.

↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage

Parent Component

The Directory REST API HTTP Servlet Extension component inherits from the HTTP Servlet Extension

Relations from This Component

The following components have a direct aggregation relation from Directory REST API HTTP Servlet Extensions:

Access Token Validator

Identity Mapper

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ cross-origin-policy
↓ response-header
↓ correlation-id-response-header
↓ basic-auth-enabled
↓ identity-mapper
↓ access-token-validator
↓ access-token-scope
↓ audience
↓ max-page-size
↓ schemas-endpoint-objectclass
↓ default-operational-attribute
↓ reject-expansion-attribute

Basic Properties

description

Description	A description for this HTTP Servlet Extension
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

cross-origin-policy

Description	The cross-origin request policy to use for the HTTP Servlet Extension. A cross-origin policy is a group of attributes defining the level of cross-origin request supported by the HTTP Servlet Extension.
Default Value	No cross-origin policy is defined and no CORS headers are recognized or returned.
Allowed Values	The DN of any HTTP Servlet Cross Origin Policy.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

response-header

Description	Specifies HTTP header fields and values added to response headers for all requests. Values specified here must specify both the header field name and the value in conformance with RFC 2616. Fields may only be specified once; multiple values for the same header should be comma-separated. See RFC 7231 for a standard set of field names. Any response headers configured for this HTTP Servlet Extension will be combined with response headers configured on the corresponding Connection Handler. In the case of duplicates, the headers configured on this HTTP Servlet Extension will be used instead of the headers configured on the Connection Handler.
Default Value	None
Allowed Values	Colon-separated header field name and value
Multi-Valued	Yes
Required	No
Admin Action Required	HTTP Connection Handlers hosting this HTTP Servlet Extension must be disabled and then re-enabled, or the server restarted, in order for this change to take effect.

correlation-id-response-header

Description	Specifies the name of the HTTP response header that will contain a correlation ID value. Example values are "Correlation-Id", "X-Amzn-Trace-Id", and "X-Request-Id". This property can be used to specify a custom response header name for correlation IDs. The value specified here will override the correlation-id-response-header property of the HTTP Connection Handler hosting this HTTP Servlet Extension. If the use-correlation-id-header property of the HTTP Connection Handler hosting this HTTP Servlet Extension is not enabled, then this property will be ignored.
Default Value	The correlation-id-response-header property of the HTTP Connection Handler hosting this HTTP Servlet Extension will be used.
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

basic-auth-enabled

Description	Enables HTTP Basic authentication, using a username and password. The Identity Mapper specified by the identity-mapper property will be used to map the username to a DN.
Default Value	true
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	The Directory REST API HTTP Servlet Extension must be disabled and re-enabled for changes to this setting to take effect. For this modification to take effect, you must either restart the server or else disable and then re-enable any HTTP Connection Handler referencing this component.

identity-mapper

Description	Specifies the Identity Mapper that is to be used for associating user entries with basic authentication usernames.
Default Value	Requests must specify a fully qualified DN. No attempt will be made to map a user name to a DN.
Allowed Values	The DN of any Identity Mapper.
Multi-Valued	No
Required	No
Admin Action Required	For this modification to take effect, you must either restart the server or else disable and then re-enable any HTTP Connection Handler referencing this component.

access-token-validator

Description	If specified, the Access Token Validator(s) that may be used to validate access tokens for requests submitted to this Directory REST API HTTP Servlet Extension.
Default Value	If no validators are specified, then any of the Access Token Validators configured for this server may be used to validate an access token.
Allowed Values	The DN of any Access Token Validator.
Multi-Valued	Yes
Required	No
Admin Action Required	For this modification to take effect, you must either restart the server or else disable and then re-enable any HTTP Connection Handler referencing this component.

access-token-scope

Description	The name of a scope that must be present in an access token accepted by the Directory REST API HTTP Servlet Extension.
Default Value	If this property is not specified, then the Directory REST API HTTP Servlet Extension will not permit bearer token authentication.
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

audience

Description	A string or URI that identifies the Directory REST API HTTP Servlet Extension in the context of OAuth2 authorization. If present, this value must be present in the audience claim of any access tokens accepted by the Directory REST API HTTP Servlet Extension. Providing an audience value is recommended, as it ensures that the Directory REST API HTTP Servlet Extension does not accept access tokens intended for another service.
Default Value	If this property is not specified, then the Directory REST API HTTP Servlet Extension will ignore the audience claim of any access tokens that it accepts.
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

max-page-size

Description	The maximum number of entries to be returned in one page of search results. The actual size of a page returned from the search endpoint will be the minimum of: this attribute, the `limit` parameter on the request (if provided), and the actual number of available results.
Default Value	100
Allowed Values	An integer value. Lower limit is 1. Upper limit is 1000 .
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

schemas-endpoint-objectclass

Description	The list of object classes which will be returned by the schemas endpoint.
Default Value	The Directory REST API HTTP Servlet Extension will return an empty list of schemas.
Allowed Values	A string
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

default-operational-attribute

Description	A set of operational attributes that will be returned with entries by default.
Default Value	Only user attributes will be returned, unless the client explicitly requests operational attributes.
Allowed Values	The name or OID of an attribute type defined in the server schema.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

reject-expansion-attribute

Description	A set of attributes which the client is not allowed to provide for the expand query parameters. This should be used for attributes that could either have a large number of values or that reference entries that are very large like groups.
Default Value	All attributes can be provided as an expansion parameter.
Allowed Values	The name or OID of an attribute type defined in the server schema.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured HTTP Servlet Extensions:

dsconfig list-http-servlet-extensions
     [--property {propertyName}] ...

To view the configuration for an existing HTTP Servlet Extension:

dsconfig get-http-servlet-extension-prop
     --extension-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing HTTP Servlet Extension:

dsconfig set-http-servlet-extension-prop
     --extension-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...