User Registry Federation (federatedRepository)

Configuration for the user registry federation.

NameTypeDefaultDescription

failedLoginDelayMax

A period of time with millisecond precision

5s

The maximum delay for a failed login attempt. For example, 5s or 5000ms. The failed login delay adds a variable delay to requests where the login fails. To disable the failed login delay, set the value to 0s. The delay is intended to mitigate user enumeration style attacks; therefore, disabling it is not recommended. To customize the minimum delay time, set the failedLoginDelayMin attribute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

failedLoginDelayMin

A period of time with millisecond precision

0s

The minimum delay for a failed login attempt. For example, 0s or 1000ms. The failed login delay adds a variable delay to requests where the login fails. To customize the maximum delay time, set the failedLoginDelayMax attribute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

id

string

A unique configuration ID.

maxSearchResults

int

4500

Maximum number of entries that can be returned in a search.

pageCacheSize

int

1000

Defines the number of pagination requests that can be stored in the cache. The paging cache size needs to be configured based on the number of pagination requests executed on the system and the hardware system resources available.

pageCacheTimeout

A period of time with millisecond precision

30000ms

Defines the maximum time that an entry, which added to the page cache, is available. When the specified time has elapsed, the entry from the page cache is cleared. This needs to be configured based on the interval between pagination search requests executed on the system and the hardware system resources available. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

searchTimeout

A period of time with millisecond precision

10m

Maximum amount of time, in milliseconds, to process a search. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

extendedProperty

The extended properties for Person and Group.

NameTypeDefaultDescription

dataType

  • BigDecimal

  • BigInteger

  • Boolean

  • Date

  • Double

  • Integer

  • Long

  • String

Defines the data type of the property extended for Person and Group. The basic Java data types are supported.

defaultValue

string

Defines the default value for the property during write operation, if no default value is set.

entityType

  • Group

  • PersonAccount

The name of the entity being mapped. The name of the entity can be PersonAccount or Group.
PersonAccount
Person

id

string

A unique configuration ID.

multiValued

boolean

false

Defines if the property extended for Person and Group supports multiple values.

name

string
Required

Defines the name of the property extended for Person and Group.

primaryRealm

Primary realm configuration.

NameTypeDefaultDescription

allowOpIfRepoDown

boolean

false

Specifies whether operation is allowed if a repository is down. The default value is false.

delimiter

string

/

Delimiter used to qualify the realm under which the operation should be executed. For example, userid=test1/myrealm where / is the delimiter and myrealm is the realm name.

name

string
Required

Name of the realm.

primaryRealm > defaultParents

The default parent mapping for the realm.

NameTypeDefaultDescription

id

string

A unique configuration ID.

name

string
Required

The name of the entity being mapped. The name of the entity can be PersonAccount or Group.

parentUniqueName

string
Required

The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created.

primaryRealm > groupDisplayNameMapping

The input and output property mappings for group display name in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

cn

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

cn

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

primaryRealm > groupSecurityNameMapping

The input and output property mappings for group security name in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

cn

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

cn

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

primaryRealm > participatingBaseEntry

The Base Entry that is part of this realm.

NameTypeDefaultDescription

id

string

A unique configuration ID.

name

string
Required

Name of the base entry.

primaryRealm > uniqueGroupIdMapping

The input and output property mappings for unique group id in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

cn

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

primaryRealm > uniqueUserIdMapping

The input and output property mappings for unique user id used in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

uniqueName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

primaryRealm > userDisplayNameMapping

The input and output property mappings for user display name in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

principalName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

principalName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

primaryRealm > userSecurityNameMapping

The input and output property mappings for user security name in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

principalName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

realm

Reference to the realm.

NameTypeDefaultDescription

allowOpIfRepoDown

boolean

false

Specifies whether operation is allowed if a repository is down. The default value is false.

delimiter

string

/

Delimiter used to qualify the realm under which the operation should be executed. For example, userid=test1/myrealm where / is the delimiter and myrealm is the realm name.

id

string

A unique configuration ID.

name

string
Required

Name of the realm.

realm > defaultParents

The default parent mapping for the realm.

NameTypeDefaultDescription

id

string

A unique configuration ID.

name

string
Required

The name of the entity being mapped. The name of the entity can be PersonAccount or Group.

parentUniqueName

string
Required

The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created.

realm > groupDisplayNameMapping

The input and output property mappings for group display name in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

cn

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

cn

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

realm > groupSecurityNameMapping

The input and output property mappings for group security name in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

cn

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

cn

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

realm > participatingBaseEntry

The Base Entry that is part of this realm.

NameTypeDefaultDescription

id

string

A unique configuration ID.

name

string
Required

Name of the base entry.

realm > uniqueGroupIdMapping

The input and output property mappings for unique group id in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

cn

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

realm > uniqueUserIdMapping

The input and output property mappings for unique user id used in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

uniqueName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

realm > userDisplayNameMapping

The input and output property mappings for user display name in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

principalName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

principalName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

realm > userSecurityNameMapping

The input and output property mappings for user security name in an user registry operation.

NameTypeDefaultDescription

inputProperty

string

principalName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

supportedEntityType

The default parent for an entity type mapping.

NameTypeDefaultDescription

defaultParent

string

The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created.

id

string

A unique configuration ID.

name

string

The name of the entity being mapped. The name of the entity can be PersonAccount or Group.