User Registry Federation (federatedRepository)

Configuration for the user registry federation.

Name	Type	Default	Description
failedLoginDelayMax	A period of time with millisecond precision	5s	The maximum delay for a failed login attempt. For example, 5s or 5000ms. The failed login delay adds a variable delay to requests where the login fails. To disable the failed login delay, set the value to 0s. The delay is intended to mitigate user enumeration style attacks; therefore, disabling it is not recommended. To customize the minimum delay time, set the failedLoginDelayMin attribute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
failedLoginDelayMin	A period of time with millisecond precision	0s	The minimum delay for a failed login attempt. For example, 0s or 1000ms. The failed login delay adds a variable delay to requests where the login fails. To customize the maximum delay time, set the failedLoginDelayMax attribute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
id	string		A unique configuration ID.
maxSearchResults	int	4500	Maximum number of entries that can be returned in a search.
pageCacheSize	int	1000	Defines the number of pagination requests that can be stored in the cache. The paging cache size needs to be configured based on the number of pagination requests executed on the system and the hardware system resources available.
pageCacheTimeout	A period of time with millisecond precision	30000ms	Defines the maximum time that an entry, which added to the page cache, is available. When the specified time has elapsed, the entry from the page cache is cleared. This needs to be configured based on the interval between pagination search requests executed on the system and the hardware system resources available. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
searchTimeout	A period of time with millisecond precision	10m	Maximum amount of time, in milliseconds, to process a search. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

Name

Type

Default

Description

failedLoginDelayMax

A period of time with millisecond precision

The maximum delay for a failed login attempt. For example, 5s or 5000ms. The failed login delay adds a variable delay to requests where the login fails. To disable the failed login delay, set the value to 0s. The delay is intended to mitigate user enumeration style attacks; therefore, disabling it is not recommended. To customize the minimum delay time, set the failedLoginDelayMin attribute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

failedLoginDelayMin

A period of time with millisecond precision

The minimum delay for a failed login attempt. For example, 0s or 1000ms. The failed login delay adds a variable delay to requests where the login fails. To customize the maximum delay time, set the failedLoginDelayMax attribute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

string

A unique configuration ID.

maxSearchResults

int

4500

Maximum number of entries that can be returned in a search.

pageCacheSize

int

1000

Defines the number of pagination requests that can be stored in the cache. The paging cache size needs to be configured based on the number of pagination requests executed on the system and the hardware system resources available.

pageCacheTimeout

A period of time with millisecond precision

30000ms

Defines the maximum time that an entry, which added to the page cache, is available. When the specified time has elapsed, the entry from the page cache is cleared. This needs to be configured based on the interval between pagination search requests executed on the system and the hardware system resources available. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

searchTimeout

A period of time with millisecond precision

10m

Maximum amount of time, in milliseconds, to process a search. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

extendedProperty

The extended properties for Person and Group.

Name	Type	Default	Description
dataType	BigDecimal BigInteger Boolean Date Double Integer Long String		Defines the data type of the property extended for Person and Group. The basic Java data types are supported.
defaultValue	string		Defines the default value for the property during write operation, if no default value is set.
entityType	Group PersonAccount		The name of the entity being mapped. The name of the entity can be PersonAccount or Group. PersonAccount Person
id	string		A unique configuration ID.
multiValued	boolean	false	Defines if the property extended for Person and Group supports multiple values.
name	string Required		Defines the name of the property extended for Person and Group.

Name

Type

Default

Description

dataType

BigDecimal
BigInteger
Boolean
Date
Double
Integer
Long
String

Defines the data type of the property extended for Person and Group. The basic Java data types are supported.

defaultValue

string

Defines the default value for the property during write operation, if no default value is set.

entityType

Group
PersonAccount

The name of the entity being mapped. The name of the entity can be PersonAccount or Group.
PersonAccount
Person

string

A unique configuration ID.

multiValued

boolean

false

Defines if the property extended for Person and Group supports multiple values.

name

string
Required

Defines the name of the property extended for Person and Group.

primaryRealm

Primary realm configuration.

Name	Type	Default	Description
allowOpIfRepoDown	boolean	false	Specifies whether operation is allowed if a repository is down. The default value is false.
delimiter	string	/	Delimiter used to qualify the realm under which the operation should be executed. For example, userid=test1/myrealm where / is the delimiter and myrealm is the realm name.
name	string Required		Name of the realm.

Name

Type

Default

Description

allowOpIfRepoDown

boolean

false

Specifies whether operation is allowed if a repository is down. The default value is false.

delimiter

string

Delimiter used to qualify the realm under which the operation should be executed. For example, userid=test1/myrealm where / is the delimiter and myrealm is the realm name.

name

string
Required

Name of the realm.

primaryRealm > defaultParents

The default parent mapping for the realm.

Name	Type	Description
id	string	A unique configuration ID.
name	string Required	The name of the entity being mapped. The name of the entity can be PersonAccount or Group.
parentUniqueName	string Required	The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created.

Name

Type

Default

Description

string

A unique configuration ID.

name

string
Required

The name of the entity being mapped. The name of the entity can be PersonAccount or Group.

parentUniqueName

string
Required

The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created.

primaryRealm > groupDisplayNameMapping

The input and output property mappings for group display name in an user registry operation.

Name	Type	Default	Description
inputProperty	string	cn	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.
outputProperty	string	cn	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

Name

Type

Default

Description

inputProperty

string

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

primaryRealm > groupSecurityNameMapping

The input and output property mappings for group security name in an user registry operation.

Name	Type	Default	Description
inputProperty	string	cn	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.
outputProperty	string	cn	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

Name

Type

Default

Description

inputProperty

string

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

primaryRealm > participatingBaseEntry

The Base Entry that is part of this realm.

Name	Type	Default	Description
id	string		A unique configuration ID.
name	string Required		Name of the base entry.

Name

Type

Default

Description

string

A unique configuration ID.

name

string
Required

Name of the base entry.

primaryRealm > uniqueGroupIdMapping

The input and output property mappings for unique group id in an user registry operation.

Name	Type	Default	Description
inputProperty	string	cn	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.
outputProperty	string	uniqueName	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

Name

Type

Default

Description

inputProperty

string

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

primaryRealm > uniqueUserIdMapping

The input and output property mappings for unique user id used in an user registry operation.

Name	Type	Default	Description
inputProperty	string	uniqueName	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.
outputProperty	string	uniqueName	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

Name

Type

Default

Description

inputProperty

string

uniqueName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

primaryRealm > userDisplayNameMapping

The input and output property mappings for user display name in an user registry operation.

Name	Type	Default	Description
inputProperty	string	principalName	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.
outputProperty	string	principalName	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

Name

Type

Default

Description

inputProperty

string

principalName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

principalName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

primaryRealm > userSecurityNameMapping

The input and output property mappings for user security name in an user registry operation.

Name	Type	Default	Description
inputProperty	string	principalName	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.
outputProperty	string	uniqueName	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

Name

Type

Default

Description

inputProperty

string

principalName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

realm

Reference to the realm.

Name	Type	Default	Description
allowOpIfRepoDown	boolean	false	Specifies whether operation is allowed if a repository is down. The default value is false.
delimiter	string	/	Delimiter used to qualify the realm under which the operation should be executed. For example, userid=test1/myrealm where / is the delimiter and myrealm is the realm name.
id	string		A unique configuration ID.
name	string Required		Name of the realm.

Name

Type

Default

Description

allowOpIfRepoDown

boolean

false

Specifies whether operation is allowed if a repository is down. The default value is false.

delimiter

string

Delimiter used to qualify the realm under which the operation should be executed. For example, userid=test1/myrealm where / is the delimiter and myrealm is the realm name.

string

A unique configuration ID.

name

string
Required

Name of the realm.

realm > defaultParents

The default parent mapping for the realm.

Name	Type	Description
id	string	A unique configuration ID.
name	string Required	The name of the entity being mapped. The name of the entity can be PersonAccount or Group.
parentUniqueName	string Required	The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created.

Name

Type

Default

Description

string

A unique configuration ID.

name

string
Required

The name of the entity being mapped. The name of the entity can be PersonAccount or Group.

parentUniqueName

string
Required

The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created.

realm > groupDisplayNameMapping

The input and output property mappings for group display name in an user registry operation.

Name	Type	Default	Description
inputProperty	string	cn	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.
outputProperty	string	cn	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

Name

Type

Default

Description

inputProperty

string

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

realm > groupSecurityNameMapping

The input and output property mappings for group security name in an user registry operation.

Name	Type	Default	Description
inputProperty	string	cn	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.
outputProperty	string	cn	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

Name

Type

Default

Description

inputProperty

string

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

realm > participatingBaseEntry

The Base Entry that is part of this realm.

Name	Type	Default	Description
id	string		A unique configuration ID.
name	string Required		Name of the base entry.

Name

Type

Default

Description

string

A unique configuration ID.

name

string
Required

Name of the base entry.

realm > uniqueGroupIdMapping

The input and output property mappings for unique group id in an user registry operation.

Name	Type	Default	Description
inputProperty	string	cn	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.
outputProperty	string	uniqueName	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

Name

Type

Default

Description

inputProperty

string

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of Group entity type.

realm > uniqueUserIdMapping

The input and output property mappings for unique user id used in an user registry operation.

Name	Type	Default	Description
inputProperty	string	uniqueName	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.
outputProperty	string	uniqueName	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

Name

Type

Default

Description

inputProperty

string

uniqueName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

realm > userDisplayNameMapping

The input and output property mappings for user display name in an user registry operation.

Name	Type	Default	Description
inputProperty	string	principalName	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.
outputProperty	string	principalName	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

Name

Type

Default

Description

inputProperty

string

principalName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

principalName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

realm > userSecurityNameMapping

The input and output property mappings for user security name in an user registry operation.

Name	Type	Default	Description
inputProperty	string	principalName	The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.
outputProperty	string	uniqueName	The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

Name

Type

Default

Description

inputProperty

string

principalName

The property that maps to the user registry attribute for input. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

outputProperty

string

uniqueName

The property that maps to the user registry attribute for output. The valid values are: uniqueId, uniqueName, externalId, externalName and the attributes of PersonAccount entity type.

supportedEntityType

The default parent for an entity type mapping.

Name	Type	Description
defaultParent	string	The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created.
id	string	A unique configuration ID.
name	string	The name of the entity being mapped. The name of the entity can be PersonAccount or Group.

Name

Type

Default

Description

defaultParent

string

The distinguished name under Base distinguished name (DN) in the repository under which all entities of the configured type will be created.

string

A unique configuration ID.

name

string

The name of the entity being mapped. The name of the entity can be PersonAccount or Group.