Structure that specifies policy for password management. It is in fact only a simple reference to a password policy.
This is a credential policy, which means that it controls how credentials are set (stored). It does not control how credentials are used for authentication. That is controlled by the authentication module setting, and it may even be completely out of our control, e.g. when external authentication (SSO) is used.

Name | Type | Multiplicity | Description |
---|---|---|---|
name | property string | [0,1] | Unique name of the credential. |
description | property string | [0,1] | Free form description of the credential (administrator comment). |
documentation | property string | [0,1] | Technical documentation for a particular object or construct. |
storageMethod | container CredentialsStorageMethodType | [0,1] | Method used to store the values of this credential (encrypted, hashed, . |
resetMethod | container CredentialsResetMethodType | [0,1] | Specifies the method of resetting the credential. |
propagationUserControl | property CredentialsPropagationUserControlType | [0,1] | Constraints that define how propagation of the credentials can be controlled by the user. |
minOccurs | property string | [0,1] | Minimal number of value occurrences. |
maxOccurs | property string | [0,1] | Maximal number of value occurrences. |
maxAge | property duration | [0,1] | Maximum age of the credential, counted from the last credential value update. |
minAge | property duration | [0,1] | Minimum age of the credential, counted from the last credential value update. |
warningBeforeExpirationDuration | property duration | [0,1] | The time interval before credential expiration (exceeded maxAge) that the user will be warned that the credential is about to expire. |
lockoutMaxFailedAttempts | property int | [0,1] | Maximum number of failed authentication attempts that can be tried before the credential is locked-out. |
lockoutFailedAttemptsDuration | property duration | [0,1] | The duration in which the failed attempts must happen for the credential to be locked-out. |
lockoutDuration | property duration | [0,1] | The duration for which the credential remains locked-out. |
valuePolicyRef | reference ObjectReferenceType | [0,1] | Reference to the value policy for the credential. |
historyLength | property int | [0,1] | The number of entries to keep in the credential history. |
historyStorageMethod | container CredentialsStorageMethodType | [0,1] | Method used to store historical values of the credential (encrypted, hashed, . |
passwordChangeSecurity | property PasswordChangeSecurityType | [0,1] | Additional security applied when changing a password. |
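
The age and lockout items in the table constrain one another, so a policy can be checked for internal consistency before it is deployed. The following Python check is an added example, not midPoint code: it assumes the policy is available as XML with the items as child elements of a `<password>` element, that durations use the XSD day/time form (`P90D`, `PT15M`), and the checks themselves are this example's reading of the item descriptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; the <password> wrapper and its namespace are assumptions.
SAMPLE = """<password xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <maxAge>P90D</maxAge>
  <minAge>P120D</minAge>
  <warningBeforeExpirationDuration>P14D</warningBeforeExpirationDuration>
  <lockoutMaxFailedAttempts>5</lockoutMaxFailedAttempts>
  <lockoutFailedAttemptsDuration>PT10M</lockoutFailedAttemptsDuration>
</password>"""

DURATION_ITEMS = ("maxAge", "minAge", "warningBeforeExpirationDuration",
                  "lockoutFailedAttemptsDuration", "lockoutDuration")
_DUR = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def seconds(text):
    """Parse a day/time duration such as P90D or PT15M into seconds."""
    m = _DUR.match(text.strip())
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {text!r}")
    days, hours, minutes, secs = (int(g or 0) for g in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + secs

def lint(xml_text):
    """Return consistency findings for one password credentials policy."""
    root = ET.fromstring(xml_text)
    # Index direct children by local name so the namespace prefix is irrelevant.
    vals = {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip() for el in root}
    dur = {k: seconds(v) for k, v in vals.items() if k in DURATION_ITEMS}
    findings = []
    if "maxAge" in dur:
        for item in ("minAge", "warningBeforeExpirationDuration"):
            if item in dur and dur[item] >= dur["maxAge"]:
                findings.append(f"{item} is not shorter than maxAge")
    elif "warningBeforeExpirationDuration" in dur:
        findings.append("warningBeforeExpirationDuration is set without maxAge")
    if "lockoutMaxFailedAttempts" in vals:
        if int(vals["lockoutMaxFailedAttempts"]) < 1:
            findings.append("lockoutMaxFailedAttempts is below 1")
        for item in ("lockoutFailedAttemptsDuration", "lockoutDuration"):
            if item not in dur:
                findings.append(f"lockoutMaxFailedAttempts is set but {item} is not")
    elif "lockoutFailedAttemptsDuration" in dur or "lockoutDuration" in dur:
        findings.append("lockout durations are set without lockoutMaxFailedAttempts")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("FINDING:", finding)
```

Durations that use years or months are rejected with `ValueError` rather than guessed at, because their length in seconds is not fixed.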

name
Flags: RAM,runtime
Multiplicity: [0,1]
Unique name of the credential. This name is in fact a short identifier.
It is supposed to give the system administrator some idea of the purpose of the credential.
It is also used for referencing the credential when needed (e.g. from authentication modules, credential reset specs, etc.).
The name may be stored in the user object together with the credential,
but it is not supposed to be used as a user-friendly label for the credential.
Credential name must be unique.
Credential name is optional, mostly for historical/compatibility reasons.

description
Flags: RAM,runtime
Multiplicity: [0,1]

documentation
Flags: RAM,runtime
Multiplicity: [0,1]
Technical documentation for a particular object or construct.
The purpose of this element is to document system configuration and behavior.
The documentation will not be presented to end users. In fact, it will probably
not be presented at all in the midPoint user interface. This documentation element
is supposed to be a part of the technical documentation of a midPoint deployment.
The tools that generate deployment configuration will look for these elements
and combine them into a compiled documentation document.
AsciiDoc formatting is assumed for this element. Any leading or trailing
whitespace is skipped. Indentation equivalent to the indentation of the first
non-blank line of text is also skipped.

storageMethod
Flags: RAM,runtime
Multiplicity: [0,1]

resetMethod
Flags: RAM,runtime
Multiplicity: [0,1]

propagationUserControl
Flags: RAM,runtime,AVals:2
Multiplicity: [0,1]

minOccurs
Flags: RAM,runtime
Multiplicity: [0,1]

maxOccurs
Flags: RAM,runtime
Multiplicity: [0,1]

maxAge
Flags: RAM,runtime
Multiplicity: [0,1]

minAge
Flags: RAM,runtime
Multiplicity: [0,1]

warningBeforeExpirationDuration
Flags: RAM,runtime
Multiplicity: [0,1]

lockoutMaxFailedAttempts
Flags: RAM,runtime
Multiplicity: [0,1]

lockoutFailedAttemptsDuration
Flags: RAM,runtime
Multiplicity: [0,1]

lockoutDuration
Flags: RAM,runtime
Multiplicity: [0,1]

valuePolicyRef
Flags: RAM
Multiplicity: [0,1]

historyLength
Flags: RAM,runtime
Multiplicity: [0,1]

historyStorageMethod
Flags: RAM,runtime
Multiplicity: [0,1]

passwordChangeSecurity
Flags: RAM,runtime,AVals:3
Multiplicity: [0,1]