Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
A Token Resource Lookup Method is used to look up the end-user account that is associated with an access token provided to authorize a resource request.
The following components have a direct aggregation relation from Token Resource Lookup Methods:
The following components have a direct composition relation to Token Resource Lookup Methods:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
scim-resource-type | |
match-filter | |
evaluation-order-index | |
description
Description | A description for this Token Resource Lookup Method |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
scim-resource-type
Description | The SCIM Resource Type that the Token Resource Lookup Method will use to look up the access token owner. |
Default Value | None |
Allowed Values | The DN of any SCIM Resource Type. The associated SCIM Resource Type must exist and must be enabled. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
match-filter
Description | Specifies the SCIM search filter that should be used when looking up the access token owner. The filter pattern may include one or more variables that refer to properties (e.g. claims) that are present in the access token. Each such variable is written as the claim name surrounded by percent signs, inside double quotes ("%...%"). For example, the search filter 'userName eq "%uid%" and organization eq "%org%"' will substitute "%uid%" and "%org%" with the values of the "uid" and "org" access token claims respectively. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
evaluation-order-index
Description | When multiple Token Resource Lookup Methods are defined for a single Access Token Validator, this property determines the order in which the lookup queries are executed. Values of this property must be unique among all Token Resource Lookup Methods defined for a single Access Token Validator, but they need not be contiguous. Token Resource Lookup Methods with a smaller value will be evaluated first to determine if they are able to locate the end-user resource. |
Default Value | None |
Allowed Values | An integer value. Lower limit is 0. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
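The following Python sketch is an added example, not code from the product: it models how the match-filter variables and evaluation-order-index described above combine into an ordered list of SCIM queries, which is useful for reviewing a configuration before applying it. The method names, sample claims, the claim-name pattern, the JSON-style escaping of claim values and the choice to skip a method whose filter references an absent claim are all assumptions of this example, not documented server behaviour.

```python
import json
import re

# Assumption: claim names are made of letters, digits, "_", ".", ":" or "-".
_VAR = re.compile(r"%([A-Za-z0-9_.:-]+)%")

def render_match_filter(match_filter, claims):
    """Replace each %claim% variable; return None if a referenced claim is absent."""
    missing = []

    def substitute(match):
        name = match.group(1)
        if name not in claims:
            missing.append(name)
            return ""
        # SCIM filter string literals follow JSON string rules (RFC 7644), so
        # JSON-escape the value to keep quotes and backslashes inside the literal.
        return json.dumps(str(claims[name]), ensure_ascii=False)[1:-1]

    rendered = _VAR.sub(substitute, match_filter)
    return None if missing else rendered

def planned_queries(methods, claims):
    """Return (method name, rendered filter) pairs in evaluation order."""
    indexes = [m["evaluation-order-index"] for m in methods]
    if any(i < 0 for i in indexes) or len(set(indexes)) != len(indexes):
        raise ValueError("evaluation-order-index must be unique and >= 0")
    plan = []
    for m in sorted(methods, key=lambda m: m["evaluation-order-index"]):
        rendered = render_match_filter(m["match-filter"], claims)
        if rendered is not None:  # assumption: skip methods missing a claim
            plan.append((m["name"], rendered))
    return plan

# Constructed sample configuration and token claims (not from a real deployment).
METHODS = [
    {"name": "by-uid-and-org", "evaluation-order-index": 20,
     "match-filter": 'userName eq "%uid%" and organization eq "%org%"'},
    {"name": "by-mail", "evaluation-order-index": 10,
     "match-filter": 'emails.value eq "%email%"'},
]
CLAIMS = {"uid": 'o"brien', "org": "Example", "email": "ob@example.com"}

if __name__ == "__main__":
    for name, scim_filter in planned_queries(METHODS, CLAIMS):
        print(f"{name}: {scim_filter}")
```

The method with the smaller index (by-mail, 10) is listed first even though it was defined second, and the double quote in the sample uid claim stays inside the string literal after escaping.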
To list the configured Token Resource Lookup Methods:
dsconfig list-token-resource-lookup-methods [--property {propertyName}] ...
To view the configuration for an existing Token Resource Lookup Method:
dsconfig get-token-resource-lookup-method-prop --method-name {name} --validator-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Token Resource Lookup Method:
dsconfig set-token-resource-lookup-method-prop --method-name {name} --validator-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Token Resource Lookup Method:
dsconfig create-token-resource-lookup-method --method-name {name} --validator-name {name} --set scim-resource-type:{propertyValue} --set match-filter:{propertyValue} --set evaluation-order-index:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Token Resource Lookup Method:
dsconfig delete-token-resource-lookup-method --method-name {name} --validator-name {name}