Oauth HTTP Servlet Extension

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact UnboundID support in order to understand the potential impact of that change.

The Oauth HTTP Servlet Extension may be used to enable OAuth and self-service account flows over an HTTP/S interface.

Parent Component

The Oauth HTTP Servlet Extension component inherits from the HTTP Servlet Extension.

Properties

The properties supported by this managed object are as follows:


Basic Properties:
description
cross-origin-policy
java-class
response-header
register-enabled
register-dataview-name
recover-username-enabled
recover-username-scim-query
recover-username-validity-duration
recover-username-full-text
recover-username-compact-text
recover-username-subject
recover-password-enabled
recover-password-scim-query
recover-password-full-text
recover-password-compact-text
recover-password-subject
recaptcha-key
recaptcha-secret

Advanced Properties:
None

Basic Properties

description

Description
A description for this HTTP Servlet Extension
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

cross-origin-policy

Description
The cross-origin request policy to use for the HTTP Servlet Extension. A cross-origin policy is a group of attributes defining the level of cross-origin request supported by the HTTP Servlet Extension.
Default Value
No cross-origin policy is defined and no CORS headers are recognized or returned.
Allowed Values
The DN of any HTTP Servlet Cross Origin Policy.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

java-class (Read-Only)

Description
Specifies the name of the servlet extension class which can be used to obtain a servlet instance.
Default Value
None
Allowed Values
The fully-qualified name of a Java class that extends or implements com.unboundid.directory.server.protocols.http.HTTPServletExtension
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

response-header

Description
Specifies HTTP header fields and values added to response headers for all requests. Values specified here must specify both the header field name and the value in conformance with RFC 2616. Fields may only be specified once; multiple values for the same header should be comma-separated. See RFC 7231 for a standard set of field names.
Default Value
None
Allowed Values
Colon-separated header field name and value
Multi-Valued
Yes
Required
No
Admin Action Required
HTTP Connection Handlers hosting this HTTP Servlet Extension must be disabled and then re-enabled, or the server restarted, in order for this change to take effect.
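
An added example, not part of the product documentation: a Python pre-check that applies the response-header rules above (colon-separated name and value, each field only once) to proposed values and, only if all pass, builds the matching dsconfig set-http-servlet-extension-prop arguments. The extension name "OAuth" and the sample header values are assumptions constructed for illustration.

```python
import re
import shlex

# Header field names must consist of RFC 7230 "token" characters.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed sample values, one per response-header property value.
SAMPLE_VALUES = [
    "Strict-Transport-Security: max-age=31536000",
    "X-Content-Type-Options: nosniff",
    "Cache-Control: no-store, no-cache",  # several values, one field
]


def parse_response_header(raw):
    """Split one property value into (field name, field value)."""
    if "\r" in raw or "\n" in raw:
        raise ValueError("line break in %r" % raw)
    name, sep, value = raw.partition(":")
    value = value.strip()
    if not sep:
        raise ValueError("no ':' between field name and value in %r" % raw)
    if not _TOKEN.fullmatch(name):
        raise ValueError("invalid header field name %r" % name)
    if not value:
        raise ValueError("empty value for header %s" % name)
    return name, value


def build_dsconfig_args(extension_name, values):
    """Validate every value, then return the dsconfig argument list."""
    seen = set()
    args = ["dsconfig", "set-http-servlet-extension-prop",
            "--extension-name", extension_name]
    for raw in values:
        name, value = parse_response_header(raw)
        if name.lower() in seen:  # field names are case-insensitive
            raise ValueError("%s given twice; use one comma-separated value"
                             % name)
        seen.add(name.lower())
        args += ["--add", "response-header:%s: %s" % (name, value)]
    return args


if __name__ == "__main__":
    # "OAuth" is a placeholder extension name, not taken from the page.
    print(shlex.join(build_dsconfig_args("OAuth", SAMPLE_VALUES)))
```

Because a response-header change only takes effect after the hosting HTTP Connection Handlers are re-enabled or the server is restarted, rejecting a malformed value before it reaches dsconfig avoids a second restart cycle.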

register-enabled

Description
Specifies whether or not the register self-service account flow should be enabled. When disabled, the link will not be rendered on the login view and any attempts to access the register endpoint will result in a 403 Forbidden HTTP status code.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

register-dataview-name

Description
Specifies the data view in which the register self-service account flow creates new users and the recover self-service account flows search for users.
Default Value
User
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recover-username-enabled

Description
Specifies whether or not the username recovery self-service account flow should be enabled. When disabled, the link will not be rendered on the login view and any attempts to access the username recovery endpoint will result in a 403 Forbidden HTTP status code.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
If enabled, the Identity Data Store should be configured with an OTP Delivery Mechanism and a single-use-tokens Extended Operation Handler.

recover-username-scim-query

Description
Specifies the SCIM query used when the username recovery self-service account flow searches for the account to recover.
Default Value
emails eq "$0" or phoneNumbers eq "$0"
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recover-username-validity-duration

Description
Specifies the duration the username recover code is valid before expiring.
Default Value
5 m
Allowed Values
A duration. Lower limit is 1 second.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recover-username-full-text

Description
Specifies the full text sent with the username recover code when the OTP mechanism supports long text.
Default Value
Username Recovery Code: $0
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recover-username-compact-text

Description
Specifies the compact text sent with the username recover code when the OTP mechanism does not support long text.
Default Value
Username Recovery Code: $0
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recover-username-subject

Description
Specifies the subject sent with the username recover code when the OTP mechanism supports subjects.
Default Value
Username Recovery Code
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recover-password-enabled

Description
Specifies whether or not the password recovery self-service account flow should be enabled. When disabled, the link will not be rendered on the login view and any attempts to access the password recovery endpoint will result in a 403 Forbidden HTTP status code.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
If enabled, the Identity Data Store should be configured with an OTP Delivery Mechanism and a deliver-password-reset-token Extended Operation Handler.

recover-password-scim-query

Description
Specifies the SCIM query used when the password recovery self-service account flow searches for the account to recover.
Default Value
userName eq "$0" or emails eq "$0" or phoneNumbers eq "$0"
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recover-password-full-text

Description
Specifies the full text sent with the password change code when the OTP mechanism supports long text.
Default Value
Password Change Code: $0
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recover-password-compact-text

Description
Specifies the compact text sent with the password change code when the OTP mechanism does not support long text.
Default Value
Password Change Code: $0
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recover-password-subject

Description
Specifies the subject sent with the password change code when the OTP mechanism supports subjects.
Default Value
Password Change Code
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recaptcha-key

Description
Specifies the Google reCAPTCHA API key the register and recovery self-service account flows should use. If a key is not specified, reCAPTCHA will not be used by those flows.
Default Value
reCAPTCHA will not be used
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

recaptcha-secret

Description
Specifies the Google reCAPTCHA API secret the register and recovery self-service account flows should use. If a secret is not specified, reCAPTCHA will not be used by those flows.
Default Value
reCAPTCHA will not be used
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action
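
An added example, not part of the product documentation: a Python check that fills in the documented defaults for any property left unset and reports which self-service flows end up reachable without reCAPTCHA, plus the prerequisites listed under Admin Action Required. The input dictionary of explicitly set properties is an assumed representation; how the values are read from the server is outside this sketch.

```python
# Defaults and prerequisites copied from the property reference on this page.
DEFAULTS = {
    "register-enabled": "true",
    "recover-username-enabled": "false",
    "recover-password-enabled": "false",
    "recaptcha-key": "",
    "recaptcha-secret": "",
}
# Extended Operation Handler each flow needs (None: no prerequisite listed).
HANDLER = {
    "register-enabled": None,
    "recover-username-enabled": "single-use-tokens",
    "recover-password-enabled": "deliver-password-reset-token",
}


def audit(explicit):
    """Return findings for the effective configuration.

    `explicit` holds only the properties an administrator has set;
    every other property falls back to its documented default.
    """
    unknown = sorted(set(explicit) - set(DEFAULTS))
    if unknown:
        raise KeyError("properties not covered by this check: %s" % unknown)
    cfg = {**DEFAULTS, **explicit}
    enabled = [flow for flow in HANDLER if cfg[flow] == "true"]
    key, secret = cfg["recaptcha-key"], cfg["recaptcha-secret"]
    findings = []
    if bool(key) != bool(secret):
        findings.append("recaptcha-key and recaptcha-secret: only one is set, "
                        "so reCAPTCHA is not used")
    if enabled and not (key and secret):
        findings.append("reCAPTCHA is off while these flows are reachable: "
                        + ", ".join(enabled))
    for flow in enabled:
        if HANDLER[flow]:
            findings.append("%s needs an OTP Delivery Mechanism and a %s "
                            "Extended Operation Handler" % (flow, HANDLER[flow]))
    return findings
```

Called with an empty dictionary, the check reports the out-of-the-box state: the register flow is enabled and no reCAPTCHA key or secret is configured.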


dsconfig Usage

To list the configured HTTP Servlet Extensions:

dsconfig list-http-servlet-extensions
     [--property {propertyName}] ...

To view the configuration for an existing HTTP Servlet Extension:

dsconfig get-http-servlet-extension-prop
     --extension-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing HTTP Servlet Extension:

dsconfig set-http-servlet-extension-prop
     --extension-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Oauth HTTP Servlet Extension:

dsconfig create-http-servlet-extension
     --extension-name {name}
     --type oauth
     --set java-class:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing HTTP Servlet Extension:

dsconfig delete-http-servlet-extension
     --extension-name {name}