Package org.forgerock.openidm.accountchange.client

Interface OpenidmAccountStatusNotificationHandlerCfgClient

  • All Superinterfaces:
    org.forgerock.opendj.server.config.client.AccountStatusNotificationHandlerCfgClient, org.forgerock.opendj.config.ConfigurationClient
    public interface OpenidmAccountStatusNotificationHandlerCfgClient
extends org.forgerock.opendj.server.config.client.AccountStatusNotificationHandlerCfgClient
    A client-side interface for reading and modifying Openidm Account Status Notification Handler settings.

    The Openidm Account Status Notification Handler is an account status notification handler that listens to two kind of changes: password change and password reset. The changes are either immediately sent to OpenIDM or first stored locally and sent later to OpenIDM at the provided interval. The communication with OpenIDM is done through HTTP or HTTPS, with optional SSL client authentication.

    • Method Detail

      • definition

        org.forgerock.opendj.config.ManagedObjectDefinition<? extends OpenidmAccountStatusNotificationHandlerCfgClient,​? extends OpenidmAccountStatusNotificationHandlerCfg> definition()
        Get the configuration definition associated with this Openidm Account Status Notification Handler.
        Specified by:
        definition in interface org.forgerock.opendj.server.config.client.AccountStatusNotificationHandlerCfgClient
        Specified by:
        definition in interface org.forgerock.opendj.config.ConfigurationClient
        Returns:
        Returns the configuration definition associated with this Openidm Account Status Notification Handler.

      • getAttributeType

        SortedSet<org.forgerock.opendj.ldap.schema.AttributeType> getAttributeType()
        Gets the "attribute-type" property.

        Specifies the attribute types that this plug-in will send along with the password change.

        Zero or more attribute types can be specified.

        Returns:
        Returns the values of the "attribute-type" property.

      • setAttributeType

        void setAttributeType​(Collection<org.forgerock.opendj.ldap.schema.AttributeType> values)
               throws org.forgerock.opendj.config.PropertyException
        Sets the "attribute-type" property.

        Specifies the attribute types that this plug-in will send along with the password change.

        Zero or more attribute types can be specified.

        Parameters:
        values - The values of the "attribute-type" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If one or more of the new values are invalid.

      • getCertificateSubjectDN

        org.forgerock.opendj.ldap.DN getCertificateSubjectDN()
        Gets the "certificate-subject-dn" property.

        Specifies the subject DN of the certificate used by OpenIDM.

        The subject DN is used to retrieve the OpenIDM certificate in the truststore. This certificate's public key is necessary to encrypt the JSON content sent to OpenIDM.

        Returns:
        Returns the value of the "certificate-subject-dn" property.

      • setCertificateSubjectDN

        void setCertificateSubjectDN​(org.forgerock.opendj.ldap.DN value)
                      throws org.forgerock.opendj.config.PropertyException
        Sets the "certificate-subject-dn" property.

        Specifies the subject DN of the certificate used by OpenIDM.

        The subject DN is used to retrieve the OpenIDM certificate in the truststore. This certificate's public key is necessary to encrypt the JSON content sent to OpenIDM.

        Parameters:
        value - The value of the "certificate-subject-dn" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getJavaClass

        String getJavaClass()
        Gets the "java-class" property.

        Specifies the fully-qualified name of the Java class that provides the Openidm Account Status Notification Handler implementation.

        Specified by:
        getJavaClass in interface org.forgerock.opendj.server.config.client.AccountStatusNotificationHandlerCfgClient
        Returns:
        Returns the value of the "java-class" property.

      • setJavaClass

        void setJavaClass​(String value)
           throws org.forgerock.opendj.config.PropertyException
        Sets the "java-class" property.

        Specifies the fully-qualified name of the Java class that provides the Openidm Account Status Notification Handler implementation.

        Specified by:
        setJavaClass in interface org.forgerock.opendj.server.config.client.AccountStatusNotificationHandlerCfgClient
        Parameters:
        value - The value of the "java-class" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getKeyManagerProvider

        String getKeyManagerProvider()
        Gets the "key-manager-provider" property.

        Specifies the name of the key manager that should be used with this Openidm Account Status Notification Handler.

        It must be provided when ssl-cert-nickname is provided, and must contain a certificate corresponding to the nickname.

        Returns:
        Returns the value of the "key-manager-provider" property.

      • setKeyManagerProvider

        void setKeyManagerProvider​(String value)
                    throws org.forgerock.opendj.config.PropertyException
        Sets the "key-manager-provider" property.

        Specifies the name of the key manager that should be used with this Openidm Account Status Notification Handler.

        It must be provided when ssl-cert-nickname is provided, and must contain a certificate corresponding to the nickname.

        Parameters:
        value - The value of the "key-manager-provider" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getLogFile

        String getLogFile()
        Gets the "log-file" property.

        Specifies the log file location where the changed passwords are written when the plug-in cannot contact OpenIDM.

        The default location is the logs directory of the server instance, using the file name "pwsync". Passwords in this file will be encrypted.

        Returns:
        Returns the value of the "log-file" property.

      • setLogFile

        void setLogFile​(String value)
         throws org.forgerock.opendj.config.PropertyException
        Sets the "log-file" property.

        Specifies the log file location where the changed passwords are written when the plug-in cannot contact OpenIDM.

        The default location is the logs directory of the server instance, using the file name "pwsync". Passwords in this file will be encrypted.

        Parameters:
        value - The value of the "log-file" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • setOpenidmCompatMode

        void setOpenidmCompatMode​(OpenidmAccountStatusNotificationHandlerCfgDefn.OpenidmCompatMode value)
                   throws org.forgerock.opendj.config.PropertyException
        Sets the "openidm-compat-mode" property.

        Specifies OpenIDM Compatibility Mode.

        Parameters:
        value - The value of the "openidm-compat-mode" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getOpenidmPassword

        String getOpenidmPassword()
        Gets the "openidm-password" property.

        Specifies the password to use for HTTP Basic Authentication.

        The password must be provided when client certification is not activated, i.e. when no ssl-cert-nickname is provided.

        Returns:
        Returns the value of the "openidm-password" property.

      • setOpenidmPassword

        void setOpenidmPassword​(String value)
                 throws org.forgerock.opendj.config.PropertyException
        Sets the "openidm-password" property.

        Specifies the password to use for HTTP Basic Authentication.

        The password must be provided when client certification is not activated, i.e. when no ssl-cert-nickname is provided.

        Parameters:
        value - The value of the "openidm-password" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getOpenidmUrl

        String getOpenidmUrl()
        Gets the "openidm-url" property.

        Specifies the URL to OpenIDM endpoint.

        The URL can be either HTTP or HTTPS.

        Returns:
        Returns the value of the "openidm-url" property.

      • setOpenidmUrl

        void setOpenidmUrl​(String value)
            throws org.forgerock.opendj.config.PropertyException
        Sets the "openidm-url" property.

        Specifies the URL to OpenIDM endpoint.

        The URL can be either HTTP or HTTPS.

        Parameters:
        value - The value of the "openidm-url" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getOpenidmUsername

        String getOpenidmUsername()
        Gets the "openidm-username" property.

        Specifies the username to use for HTTP Basic Authentication.

        The username must be provided when client certification is not activated, i.e. when no ssl-cert-nickname is provided.

        Returns:
        Returns the value of the "openidm-username" property.

      • setOpenidmUsername

        void setOpenidmUsername​(String value)
                 throws org.forgerock.opendj.config.PropertyException
        Sets the "openidm-username" property.

        Specifies the username to use for HTTP Basic Authentication.

        The username must be provided when client certification is not activated, i.e. when no ssl-cert-nickname is provided.

        Parameters:
        value - The value of the "openidm-username" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getPasswordAttribute

        String getPasswordAttribute()
        Gets the "password-attribute" property.

        Specifies the attribute type used to hold user passwords in JSON returned to OpenIDM.

        This attribute type must be defined in the managed object schema in OpenIDM, and it must have either the user password or auth password syntax.

        Returns:
        Returns the value of the "password-attribute" property.

      • setPasswordAttribute

        void setPasswordAttribute​(String value)
                   throws org.forgerock.opendj.config.PropertyException
        Sets the "password-attribute" property.

        Specifies the attribute type used to hold user passwords in JSON returned to OpenIDM.

        This attribute type must be defined in the managed object schema in OpenIDM, and it must have either the user password or auth password syntax.

        Parameters:
        value - The value of the "password-attribute" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getPrivateKeyAlias

        String getPrivateKeyAlias()
        Gets the "private-key-alias" property.

        Specifies the alias of the private key that should be used by OpenIDM to decrypt the encrypted JSON content of the requests.

        The encryption of the JSON content sent to OpenIDM requires this alias.

        Returns:
        Returns the value of the "private-key-alias" property.

      • setPrivateKeyAlias

        void setPrivateKeyAlias​(String value)
                 throws org.forgerock.opendj.config.PropertyException
        Sets the "private-key-alias" property.

        Specifies the alias of the private key that should be used by OpenIDM to decrypt the encrypted JSON content of the requests.

        The encryption of the JSON content sent to OpenIDM requires this alias.

        Parameters:
        value - The value of the "private-key-alias" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getQueryId

        String getQueryId()
        Gets the "query-id" property.

        Specifies the query-id for the patch-by-query request.

        This must match the query ID defined in the managed object service in OpenIDM.

        Returns:
        Returns the value of the "query-id" property.

      • setQueryId

        void setQueryId​(String value)
         throws org.forgerock.opendj.config.PropertyException
        Sets the "query-id" property.

        Specifies the query-id for the patch-by-query request.

        This must match the query ID defined in the managed object service in OpenIDM.

        Parameters:
        value - The value of the "query-id" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getSSLCertNickname

        String getSSLCertNickname()
        Gets the "ssl-cert-nickname" property.

        Specifies the SSL certificate nickname, which is the alias under which is stored the client certificate in the keystore. It must be provided to activate SSL client authentication when requesting OpenIDM.

        The SSL certificate nickname is necessary to ensure that the appropriate client certificate is retrieved from the keystore when SSL client authentication is required and multiples certificates are present in the keystore.

        Returns:
        Returns the value of the "ssl-cert-nickname" property.

      • setSSLCertNickname

        void setSSLCertNickname​(String value)
                 throws org.forgerock.opendj.config.PropertyException
        Sets the "ssl-cert-nickname" property.

        Specifies the SSL certificate nickname, which is the alias under which is stored the client certificate in the keystore. It must be provided to activate SSL client authentication when requesting OpenIDM.

        The SSL certificate nickname is necessary to ensure that the appropriate client certificate is retrieved from the keystore when SSL client authentication is required and multiples certificates are present in the keystore.

        Parameters:
        value - The value of the "ssl-cert-nickname" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getTrustManagerProvider

        String getTrustManagerProvider()
        Gets the "trust-manager-provider" property.

        Specifies the name of the trust manager that should be used with the Openidm Account Status Notification Handler.

        It must contain the OpenIDM certificate with the subject DN equals to the certificate-subject-dn property.

        Returns:
        Returns the value of the "trust-manager-provider" property.

      • setTrustManagerProvider

        void setTrustManagerProvider​(String value)
                      throws org.forgerock.opendj.config.PropertyException
        Sets the "trust-manager-provider" property.

        Specifies the name of the trust manager that should be used with the Openidm Account Status Notification Handler.

        It must contain the OpenIDM certificate with the subject DN equals to the certificate-subject-dn property.

        Parameters:
        value - The value of the "trust-manager-provider" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.

      • getUpdateInterval

        long getUpdateInterval()
        Gets the "update-interval" property.

        Specifies the interval when passwords update notifications are sent.

        If this value is 0, then updates are sent synchronously. If this value is strictly superior to zero, then updates are first stored locally, then sent asynchronously by a background thread.

        Returns:
        Returns the value of the "update-interval" property.

      • setUpdateInterval

        void setUpdateInterval​(long value)
                throws org.forgerock.opendj.config.PropertyException
        Sets the "update-interval" property.

        Specifies the interval when passwords update notifications are sent.

        If this value is 0, then updates are sent synchronously. If this value is strictly superior to zero, then updates are first stored locally, then sent asynchronously by a background thread.

        Parameters:
        value - The value of the "update-interval" property.
        Throws:
        org.forgerock.opendj.config.PropertyException - If the new value is invalid.