{ "$id": "http://redfish.dmtf.org/schemas/v1/AccountService.v1_18_0.json", "$ref": "#/definitions/AccountService", "$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json", "copyright": "Copyright 2014-2025 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright", "definitions": { "AccountProviderTypes": { "enum": [ "RedfishService", "ActiveDirectoryService", "LDAPService", "OEM", "TACACSplus", "OAuth2" ], "enumDescriptions": { "ActiveDirectoryService": "An external Active Directory service.", "LDAPService": "A generic external LDAP service.", "OAuth2": "An external OAuth 2.0 service.", "OEM": "An OEM-specific external authentication or directory service.", "RedfishService": "An external Redfish service.", "TACACSplus": "An external TACACS+ service." }, "enumLongDescriptions": { "ActiveDirectoryService": "The external account provider shall be a Microsoft Active Directory Technical Specification-conformant service. The `ServiceAddresses` property shall contain fully qualified domain names (FQDN) or NetBIOS names that link to the domain servers for the Active Directory service.", "LDAPService": "The external account provider shall be an RFC4511-conformant service.
The `ServiceAddresses` property shall contain RFC3986-defined URIs in the format `scheme://host:port`, where `scheme://` and `:port` are optional, that link to the LDAP servers for the service. If the scheme is not specified, services shall assume it is `ldaps://`. If the port is not specified, services shall assume it is `636`. For example, `ldaps://contoso.com:636` or `contoso.com`.", "OAuth2": "The external account provider shall be an RFC6749-conformant service. The `ServiceAddresses` property shall contain RFC3986-defined URIs that correspond to the RFC8414-defined metadata for the OAuth 2.0 service. For example, `https://contoso.org/.well-known/oauth-authorization-server`.", "RedfishService": "The external account provider shall be a DMTF Redfish Specification-conformant service. The `ServiceAddresses` property shall contain URIs to `AccountService` resources that correspond to Redfish services. For example, `https://192.168.1.50/redfish/v1/AccountService`.", "TACACSplus": "The external account provider shall be an RFC8907-conformant service. The `ServiceAddresses` property shall contain RFC3986-defined URIs in the format `host:port` that correspond to the TACACS+ services." }, "enumVersionAdded": { "OAuth2": "v1_10_0", "TACACSplus": "v1_8_0" }, "type": "string" }, "AccountService": { "additionalProperties": false, "description": "The `AccountService` schema defines an account service. The properties are common to, and enable management of, all user accounts. The properties include the password requirements and control features, such as account lockout.
Properties and actions in this service specify general behavior that should be followed for typical accounts, however implementations might override these behaviors for special accounts or situations to avoid denial of service or other deadlock situations.", "longDescription": "This resource shall represent an account service for a Redfish implementation. The properties are common to, and enable management of, all user accounts. The properties include the password requirements and control features, such as account lockout. Properties and actions in this service specify general behavior that should be followed for typical accounts, however implementations may override these behaviors for special accounts or situations to avoid denial of service or other deadlock situations.", "patternProperties": { "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { "description": "This property shall specify a valid odata or Redfish property.", "type": [ "array", "boolean", "integer", "number", "null", "object", "string" ] } }, "properties": { "@odata.context": { "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/context" }, "@odata.etag": { "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/etag" }, "@odata.id": { "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/id" },
"@odata.type": { "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/type" }, "AccountLockoutCounterResetAfter": { "description": "The period of time, in seconds, between the last failed login attempt and the reset of the lockout threshold counter. This value must be less than or equal to the `AccountLockoutDuration` value. A reset sets the counter to `0`.", "longDescription": "This property shall contain the period of time, in seconds, from the last failed login attempt when the `AccountLockoutThreshold` counter, which counts the number of failed login attempts, is reset to `0`. Then, `AccountLockoutThreshold` failures are required before the account is locked. This value shall be less than or equal to the `AccountLockoutDuration` value. The threshold counter also resets to `0` after each successful login. If the `AccountLockoutCounterResetEnabled` value is `false`, this property shall be ignored.", "minimum": 0, "readonly": false, "type": "integer", "units": "s" }, "AccountLockoutCounterResetEnabled": { "description": "An indication of whether the threshold counter is reset after `AccountLockoutCounterResetAfter` expires. If `true`, it is reset. If `false`, only a successful login resets the threshold counter and if the user reaches the `AccountLockoutThreshold` limit, the account will be locked out indefinitely and only an administrator-issued reset clears the threshold counter. If this property is absent, the default is `true`.", "longDescription": "This property shall indicate whether the threshold counter is reset after the `AccountLockoutCounterResetAfter` expires. If `true`, it is reset.
If `false`, only a successful login resets the threshold counter and if the user reaches the `AccountLockoutThreshold` limit, the account shall be locked out indefinitely and only an administrator-issued reset clears the threshold counter. If this property is absent, the default is `true`.", "readonly": false, "type": "boolean", "versionAdded": "v1_5_0" }, "AccountLockoutDuration": { "description": "The period of time, in seconds, that an account is locked after the number of failed login attempts reaches the account lockout threshold, within the period between the last failed login attempt and the reset of the lockout threshold counter. If this value is `0`, no lockout will occur. If the `AccountLockoutCounterResetEnabled` value is `false`, this property is ignored.", "longDescription": "This property shall contain the period of time, in seconds, that an account is locked after the number of failed login attempts reaches the `AccountLockoutThreshold` value, within the `AccountLockoutCounterResetAfter` window of time. The value shall be greater than or equal to the `AccountLockoutCounterResetAfter` value. If this value is `0`, no lockout shall occur. If `AccountLockoutCounterResetEnabled` value is `false`, this property shall be ignored.", "minimum": 0, "readonly": false, "type": [ "integer", "null" ], "units": "s" }, "AccountLockoutThreshold": { "description": "The number of allowed failed login attempts before a user account is locked for a specified duration.
If `0`, the account is never locked.", "longDescription": "This property shall contain the threshold of failed login attempts before a user account is locked. If `0`, the account shall never be locked.", "minimum": 0, "readonly": false, "type": [ "integer", "null" ] }, "Accounts": { "$ref": "http://redfish.dmtf.org/schemas/v1/ManagerAccountCollection.json#/definitions/ManagerAccountCollection", "description": "The collection of manager accounts.", "longDescription": "This property shall contain a link to a resource collection of type `ManagerAccountCollection`.", "readonly": true }, "Actions": { "$ref": "#/definitions/Actions", "description": "The available actions for this resource.", "longDescription": "This property shall contain the available actions for this resource.", "versionAdded": "v1_2_0" }, "ActiveDirectory": { "$ref": "#/definitions/ExternalAccountProvider", "description": "The first Active Directory external account provider that this account service supports.", "longDescription": "This property shall contain the first Active Directory external account provider that this account service supports. If the account service supports one or more Active Directory services as an external account provider, this entity shall be populated by default.
This entity shall not be present in the additional external account providers resource collection.", "versionAdded": "v1_3_0" }, "AdditionalExternalAccountProviders": { "$ref": "http://redfish.dmtf.org/schemas/v1/ExternalAccountProviderCollection.json#/definitions/ExternalAccountProviderCollection", "description": "The additional external account providers that this account service uses.", "longDescription": "This property shall contain a link to a resource collection of type `ExternalAccountProviderCollection` that represents the additional external account providers that this account service uses.", "readonly": true, "uriSegment": "ExternalAccountProviders", "versionAdded": "v1_3_0" }, "AuthFailureLoggingThreshold": { "description": "The number of authorization failures per account that are allowed before the failed attempt is logged to the manager log.", "longDescription": "This property shall contain the threshold for when an authorization failure is logged. Logging shall occur after every `n` occurrences of an authorization failure on the same account, where `n` represents the value of this property.
If the value is `0`, logging of authorization failures shall be disabled.", "minimum": 0, "readonly": false, "type": "integer" }, "Description": { "anyOf": [ { "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Description" }, { "type": "null" } ], "readonly": true }, "EnforcePasswordHistoryCount": { "description": "The number of unique new passwords that need to be associated with a user account before a previous password is accepted when modifying the password. If `0`, a user does not need to provide a unique new password.", "longDescription": "This property shall contain the number of unique new passwords that need to be associated with a user account before a previous password is accepted when modifying the password. If not `0`, services shall reject modification requests of the `Password` property and `ChangePassword` actions that contain a previously used password in the specified count. If `0`, services shall not require the user to provide a unique new password.
This property does not apply to accounts from external account providers.", "minimum": 0, "readonly": false, "type": "integer", "versionAdded": "v1_17_0" }, "HTTPBasicAuth": { "anyOf": [ { "$ref": "#/definitions/BasicAuthState" }, { "type": "null" } ], "description": "Indicates if HTTP Basic authentication is enabled for this service.", "longDescription": "This property shall indicate whether clients are able to authenticate to the Redfish service with HTTP Basic authentication. This property should default to `Enabled` for client compatibility. If this property is not present in responses, the value shall be assumed to be `Enabled`.", "readonly": false, "versionAdded": "v1_15_0" }, "Id": { "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Id", "readonly": true }, "LDAP": { "$ref": "#/definitions/ExternalAccountProvider", "description": "The first LDAP external account provider that this account service supports.", "longDescription": "This property shall contain the first LDAP external account provider that this account service supports. If the account service supports one or more LDAP services as an external account provider, this entity shall be populated by default.
This entity shall not be present in the additional external account providers resource collection.", "versionAdded": "v1_3_0" }, "LocalAccountAuth": { "$ref": "#/definitions/LocalAccountAuth", "description": "An indication of how the service uses the accounts collection within this account service as part of authentication. The enumerated values describe the details for each mode.", "longDescription": "This property shall govern how the service uses the manager accounts resource collection within this account service as part of authentication. The enumerated values describe the details for each mode.", "readonly": false, "versionAdded": "v1_3_0" }, "MaxPasswordLength": { "description": "The maximum password length for this account service.", "longDescription": "This property shall contain the maximum password length that the implementation allows for this account service. This property does not apply to accounts from external account providers.", "minimum": 0, "readonly": false, "type": "integer" }, "MinPasswordLength": { "description": "The minimum password length for this account service.", "longDescription": "This property shall contain the minimum password length that the implementation allows for this account service.
This property does not apply to accounts from external account providers.", "minimum": 0, "readonly": false, "type": "integer" }, "MultiFactorAuth": { "anyOf": [ { "$ref": "#/definitions/MultiFactorAuth" }, { "type": "null" } ], "description": "The multi-factor authentication settings that this account service supports.", "longDescription": "This property shall contain the multi-factor authentication settings that this account service supports.", "versionAdded": "v1_12_0" }, "Name": { "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Name", "readonly": true }, "OAuth2": { "anyOf": [ { "$ref": "#/definitions/ExternalAccountProvider" }, { "type": "null" } ], "description": "The first OAuth 2.0 external account provider that this account service supports.", "longDescription": "This property shall contain the first OAuth 2.0 external account provider that this account service supports. If the account service supports one or more OAuth 2.0 services as an external account provider, this entity shall be populated by default.
This entity shall not be present in the additional external account providers resource collection.", "versionAdded": "v1_10_0" }, "Oem": { "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", "description": "The OEM extension property.", "longDescription": "This property shall contain the OEM extensions. All values for properties that this object contains shall conform to the Redfish Specification-described requirements." }, "OutboundConnections": { "anyOf": [ { "$ref": "http://redfish.dmtf.org/schemas/v1/OutboundConnectionCollection.json#/definitions/OutboundConnectionCollection" }, { "type": "null" } ], "description": "The collection of outbound connection configurations.", "longDescription": "This property shall contain a resource collection of type `OutboundConnectionCollection`.", "versionAdded": "v1_14_0" }, "PasswordExpirationDays": { "description": "The number of days before account passwords in this account service will expire.", "longDescription": "This property shall contain the number of days before account passwords in this account service will expire. The value shall be applied during account creation and password modification unless the `PasswordExpiration` property is provided. The value `null` shall indicate that account passwords never expire.
This property does not apply to accounts from external account providers.", "readonly": false, "type": [ "integer", "null" ], "versionAdded": "v1_9_0" }, "PasswordGuidanceMessage": { "description": "Password creation guidance for manager accounts.", "longDescription": "This property shall contain guidance for creating passwords that meet the password complexity or other related requirements for this service.", "readonly": true, "type": "string", "versionAdded": "v1_18_0" }, "PasswordGuidanceMessageId": { "description": "A `MessageId` that contains password creation guidance for manager accounts.", "longDescription": "This property shall contain a `MessageId` value that contains guidance for creating passwords that meet the password complexity or other related requirements for this service.
The value shall contain a `MessageId`, as defined in the 'MessageId format' clause of the Redfish Specification.", "readonly": true, "type": [ "string", "null" ], "versionAdded": "v1_18_0" }, "PrivilegeMap": { "$ref": "http://redfish.dmtf.org/schemas/v1/PrivilegeRegistry.json#/definitions/PrivilegeRegistry", "description": "The link to the mapping of the privileges required to complete a requested operation on a URI associated with this service.", "longDescription": "This property shall contain a link to a resource of type `PrivilegeMapping` that contains the privileges that are required for a user context to complete a requested operation on a URI associated with this service.", "readonly": true, "versionAdded": "v1_1_0" }, "RequireChangePasswordAction": { "description": "An indication of whether clients are required to invoke the `ChangePassword` action to modify account passwords.", "longDescription": "This property shall indicate whether clients are required to invoke the `ChangePassword` action to modify the `Password` property in `ManagerAccount` resources.
If `true`, services shall reject `PATCH` and `PUT` requests to modify the `Password` property in `ManagerAccount` resources.", "readonly": false, "type": [ "boolean", "null" ], "versionAdded": "v1_14_0" }, "RestrictedOemPrivileges": { "description": "The set of restricted OEM privileges.", "items": { "type": "string" }, "longDescription": "This property shall contain an array of OEM privileges that are restricted by the service.", "readonly": true, "type": "array", "versionAdded": "v1_8_0" }, "RestrictedPrivileges": { "description": "The set of restricted Redfish privileges.", "items": { "$ref": "http://redfish.dmtf.org/schemas/v1/Privileges.json#/definitions/PrivilegeType" }, "longDescription": "This property shall contain an array of Redfish privileges that are restricted by the service.", "readonly": true, "type": "array", "versionAdded": "v1_8_0" }, "Roles": { "$ref": "http://redfish.dmtf.org/schemas/v1/RoleCollection.json#/definitions/RoleCollection", "description": "The collection of Redfish roles.", "longDescription": "This property shall contain a link to a resource collection of type `RoleCollection`.", "readonly": true },
"ServiceEnabled": { "description": "An indication of whether the account service is enabled. If `true`, it is enabled. If `false`, it is disabled and users cannot be created, deleted, or modified, and new sessions cannot be started. However, established sessions might still continue to run. Any service, such as the session service, that attempts to access the disabled account service fails. However, this does not affect HTTP Basic Authentication connections.", "longDescription": "This property shall indicate whether the account service is enabled. If `true`, it is enabled. If `false`, it is disabled and users cannot be created, deleted, or modified, and new sessions cannot be started. However, established sessions may still continue to run. Any service, such as the session service, that attempts to access the disabled account service fails. However, this does not affect HTTP Basic Authentication connections.", "readonly": false, "type": [ "boolean", "null" ] }, "Status": { "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Status", "description": "The status and health of the resource and its subordinate or dependent resources.", "longDescription": "This property shall contain any status or health properties of the resource."
}, "SupportedAccountTypes": { "description": "The account types supported by the service.", "items": { "$ref": "http://redfish.dmtf.org/schemas/v1/ManagerAccount.json#/definitions/AccountTypes" }, "longDescription": "This property shall contain an array of the account types supported by the service.", "readonly": true, "type": "array", "versionAdded": "v1_8_0" }, "SupportedOEMAccountTypes": { "description": "The OEM account types supported by the service.", "items": { "type": "string" }, "longDescription": "This property shall contain an array of the OEM account types supported by the service.", "readonly": true, "type": "array", "versionAdded": "v1_8_0" }, "TACACSplus": { "anyOf": [ { "$ref": "#/definitions/ExternalAccountProvider" }, { "type": "null" } ], "description": "The first TACACS+ external account provider that this account service supports.", "longDescription": "This property shall contain the first TACACS+ external account provider that this account service supports. If the account service supports one or more TACACS+ services as an external account provider, this entity shall be populated by default.
This entity shall not be present in the additional external account providers resource collection.", "versionAdded": "v1_8_0" } }, "required": [ "@odata.id", "@odata.type", "Id", "Name" ], "type": "object" }, "Actions": { "additionalProperties": false, "description": "The available actions for this resource.", "longDescription": "This type shall contain the available actions for this resource.", "patternProperties": { "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { "description": "This property shall specify a valid odata or Redfish property.", "type": [ "array", "boolean", "integer", "number", "null", "object", "string" ] } }, "properties": { "Oem": { "$ref": "#/definitions/OemActions", "description": "The available OEM-specific actions for this resource.", "longDescription": "This property shall contain the available OEM-specific actions for this resource.", "versionAdded": "v1_2_0" } }, "type": "object" }, "Authentication": {
"additionalProperties": false, "description": "The information required to authenticate to the external service.", "longDescription": "This type shall contain the information required to authenticate to the external service.", "patternProperties": { "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { "description": "This property shall specify a valid odata or Redfish property.", "type": [ "array", "boolean", "integer", "number", "null", "object", "string" ] } }, "properties": { "AuthenticationType": { "anyOf": [ { "$ref": "#/definitions/AuthenticationTypes" }, { "type": "null" } ], "description": "The type of authentication used to connect to the external account provider.", "longDescription": "This property shall contain the type of authentication used to connect to the external account provider.", "readonly": false, "versionAdded": "v1_3_0" }, "EncryptionKey": { "description": "Specifies the encryption key.", "longDescription": "This property shall contain the value of a symmetric encryption key for account services that support some form of encryption, obfuscation, or authentication such as
TACACS+. The value shall be `null` in responses. The property shall accept a hexadecimal string whose length depends on the external account service, such as TACACS+. A TACACS+ service shall use this property to specify the secret key as defined in RFC8907.", 439d125652eSGunnar Mills "pattern": "^[0-9a-fA-F]+$", 440d125652eSGunnar Mills "readonly": false, 441d125652eSGunnar Mills "type": [ 442d125652eSGunnar Mills "string", 443d125652eSGunnar Mills "null" 444d125652eSGunnar Mills ], 445d125652eSGunnar Mills "versionAdded": "v1_8_0", 446d125652eSGunnar Mills "writeOnly": true 447d125652eSGunnar Mills }, 448d125652eSGunnar Mills "EncryptionKeySet": { 449d125652eSGunnar Mills "description": "Indicates if the `EncryptionKey` property is set.", 450d125652eSGunnar Mills "longDescription": "This property shall contain `true` if a valid value was provided for the `EncryptionKey` property. Otherwise, the property shall contain `false`. For a TACACS+ service, the value `false` shall indicate data obfuscation, as defined in section 4.5 of RFC8907, is disabled.", 451d125652eSGunnar Mills "readonly": true, 452d125652eSGunnar Mills "type": [ 453d125652eSGunnar Mills "boolean", 454d125652eSGunnar Mills "null" 455d125652eSGunnar Mills ], 456d125652eSGunnar Mills "versionAdded": "v1_8_0" 457d125652eSGunnar Mills }, 458d125652eSGunnar Mills "KerberosKeytab": { 459d125652eSGunnar Mills "description": "The Base64-encoded Kerberos keytab for this service. A `PATCH` or `PUT` operation writes the keytab. This property is `null` in responses.", 460d125652eSGunnar Mills "longDescription": "This property shall contain a Base64-encoded string, with padding characters, of the Kerberos keytab for this service. A `PATCH` or `PUT` operation writes the keytab. 
The value shall be `null` in responses.", 461d125652eSGunnar Mills "readonly": false, 462d125652eSGunnar Mills "type": [ 463d125652eSGunnar Mills "string", 464d125652eSGunnar Mills "null" 465d125652eSGunnar Mills ], 466d125652eSGunnar Mills "versionAdded": "v1_3_0", 467d125652eSGunnar Mills "writeOnly": true 468d125652eSGunnar Mills }, 469d125652eSGunnar Mills "Oem": { 470d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 471d125652eSGunnar Mills "description": "The OEM extension property.", 472d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 473d125652eSGunnar Mills "versionAdded": "v1_3_0" 474d125652eSGunnar Mills }, 475d125652eSGunnar Mills "Password": { 476d125652eSGunnar Mills "description": "The password for this service. A `PATCH` or `PUT` request writes the password. This property is `null` in responses.", 477d125652eSGunnar Mills "longDescription": "This property shall contain the password for this service. A `PATCH` or `PUT` operation writes the password. The value shall be `null` in responses.", 478d125652eSGunnar Mills "readonly": false, 479d125652eSGunnar Mills "type": [ 480d125652eSGunnar Mills "string", 481d125652eSGunnar Mills "null" 482d125652eSGunnar Mills ], 483d125652eSGunnar Mills "versionAdded": "v1_3_0", 484d125652eSGunnar Mills "writeOnly": true 485d125652eSGunnar Mills }, 486d125652eSGunnar Mills "Token": { 487d125652eSGunnar Mills "description": "The token for this service. A `PATCH` or `PUT` operation writes the token. This property is `null` in responses.", 488d125652eSGunnar Mills "longDescription": "This property shall contain the token for this service. A `PATCH` or `PUT` operation writes the token. 
The value shall be `null` in responses.", 489d125652eSGunnar Mills "readonly": false, 490d125652eSGunnar Mills "type": [ 491d125652eSGunnar Mills "string", 492d125652eSGunnar Mills "null" 493d125652eSGunnar Mills ], 494d125652eSGunnar Mills "versionAdded": "v1_3_0", 495d125652eSGunnar Mills "writeOnly": true 496d125652eSGunnar Mills }, 497d125652eSGunnar Mills "Username": { 498d125652eSGunnar Mills "description": "The username for the service.", 499d125652eSGunnar Mills "longDescription": "This property shall contain the username for this service.", 500d125652eSGunnar Mills "readonly": false, 501d125652eSGunnar Mills "type": "string", 502d125652eSGunnar Mills "versionAdded": "v1_3_0" 503d125652eSGunnar Mills } 504d125652eSGunnar Mills }, 505d125652eSGunnar Mills "type": "object" 506d125652eSGunnar Mills }, 507d125652eSGunnar Mills "AuthenticationTypes": { 508d125652eSGunnar Mills "enum": [ 509d125652eSGunnar Mills "Token", 510d125652eSGunnar Mills "KerberosKeytab", 511d125652eSGunnar Mills "UsernameAndPassword", 512d125652eSGunnar Mills "OEM" 513d125652eSGunnar Mills ], 514d125652eSGunnar Mills "enumDescriptions": { 515d125652eSGunnar Mills "KerberosKeytab": "A Kerberos keytab.", 516d125652eSGunnar Mills "OEM": "An OEM-specific authentication mechanism.", 517d125652eSGunnar Mills "Token": "An opaque authentication token.", 518d125652eSGunnar Mills "UsernameAndPassword": "A username and password combination." 
519d125652eSGunnar Mills }, 520d125652eSGunnar Mills "type": "string" 521d125652eSGunnar Mills }, 522d125652eSGunnar Mills "BasicAuthState": { 523d125652eSGunnar Mills "enum": [ 524d125652eSGunnar Mills "Enabled", 525d125652eSGunnar Mills "Unadvertised", 526d125652eSGunnar Mills "Disabled" 527d125652eSGunnar Mills ], 528d125652eSGunnar Mills "enumDescriptions": { 529d125652eSGunnar Mills "Disabled": "HTTP Basic authentication is disabled.", 530d125652eSGunnar Mills "Enabled": "HTTP Basic authentication is enabled.", 531d125652eSGunnar Mills "Unadvertised": "HTTP Basic authentication is enabled, but is not advertised with the `WWW-Authenticate` response header." 532d125652eSGunnar Mills }, 533d125652eSGunnar Mills "enumLongDescriptions": { 534d125652eSGunnar Mills "Disabled": "This value shall indicate that HTTP Basic authentication is disabled for the service.", 535d125652eSGunnar Mills "Enabled": "This value shall indicate that HTTP Basic authentication is enabled for the service. The service shall include the `WWW-Authenticate` HTTP response header with the value including `Basic` when returning the HTTP `401 Unauthorized` status code.", 536d125652eSGunnar Mills "Unadvertised": "This value shall indicate that HTTP Basic authentication is enabled for the service. The service shall not include `Basic` in the value of the `WWW-Authenticate` HTTP response header and may omit the header entirely from responses. The lack of advertisement prevents some clients from accessing the service with HTTP Basic authentication, such as web browsers." 
537d125652eSGunnar Mills }, 538d125652eSGunnar Mills "type": "string" 539d125652eSGunnar Mills }, 540d125652eSGunnar Mills "CertificateMappingAttribute": { 541d125652eSGunnar Mills "enum": [ 542d125652eSGunnar Mills "Whole", 543d125652eSGunnar Mills "CommonName", 544d125652eSGunnar Mills "UserPrincipalName" 545d125652eSGunnar Mills ], 546d125652eSGunnar Mills "enumDescriptions": { 547d125652eSGunnar Mills "CommonName": "Match the Common Name (CN) field in the provided certificate to the username.", 548d125652eSGunnar Mills "UserPrincipalName": "Match the User Principal Name (UPN) field in the provided certificate to the username.", 549d125652eSGunnar Mills "Whole": "Match the whole certificate." 550d125652eSGunnar Mills }, 551d125652eSGunnar Mills "enumLongDescriptions": { 552d125652eSGunnar Mills "CommonName": "This value shall indicate the service matches the RFC5280-defined 'commonName' attribute in the provided certificate to the `UserName` property in a `ManagerAccount` resource or the appropriate field from an external account provider.", 553d125652eSGunnar Mills "UserPrincipalName": "This value shall indicate the service matches the User Principal Name (UPN) field in the provided certificate to the `UserName` property in a `ManagerAccount` resource or the appropriate field from an external account provider.", 554d125652eSGunnar Mills "Whole": "This value shall indicate the service matches the entire certificate with a `Certificate` resource subordinate to a `ManagerAccount` resource or the entire certificate matches the appropriate field from an external account provider." 
555d125652eSGunnar Mills }, 556d125652eSGunnar Mills "type": "string" 557d125652eSGunnar Mills }, 558d125652eSGunnar Mills "ClientCertificate": { 559d125652eSGunnar Mills "additionalProperties": false, 560d125652eSGunnar Mills "description": "Various settings for client certificate authentication such as mTLS or CAC/PIV.", 561d125652eSGunnar Mills "longDescription": "This type shall contain settings for client certificate authentication.", 562d125652eSGunnar Mills "patternProperties": { 563d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 564d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 565d125652eSGunnar Mills "type": [ 566d125652eSGunnar Mills "array", 567d125652eSGunnar Mills "boolean", 568d125652eSGunnar Mills "integer", 569d125652eSGunnar Mills "number", 570d125652eSGunnar Mills "null", 571d125652eSGunnar Mills "object", 572d125652eSGunnar Mills "string" 573d125652eSGunnar Mills ] 574d125652eSGunnar Mills } 575d125652eSGunnar Mills }, 576d125652eSGunnar Mills "properties": { 577d125652eSGunnar Mills "CertificateMappingAttribute": { 578d125652eSGunnar Mills "anyOf": [ 579d125652eSGunnar Mills { 580d125652eSGunnar Mills "$ref": "#/definitions/CertificateMappingAttribute" 581d125652eSGunnar Mills }, 582d125652eSGunnar Mills { 583d125652eSGunnar Mills "type": "null" 584d125652eSGunnar Mills } 585d125652eSGunnar Mills ], 586d125652eSGunnar Mills "description": "The client certificate attribute to map to a user.", 587d125652eSGunnar Mills "longDescription": "This property shall contain the client certificate attribute to map to a user.", 588d125652eSGunnar Mills "readonly": false, 589d125652eSGunnar Mills "versionAdded": "v1_12_0" 590d125652eSGunnar Mills }, 591d125652eSGunnar Mills "Certificates": { 592d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection", 593d125652eSGunnar Mills 
"description": "The link to a collection of CA certificates used to validate client certificates.", 594d125652eSGunnar Mills "longDescription": "This property shall contain a link to a resource collection of type `CertificateCollection` that represents the CA certificates used to validate client certificates during TLS handshaking. Regardless of the contents of this collection, services may perform additional verification based on other factors, such as the configuration of the `SecurityPolicy` resource. If the service supports the `RevokedCertificates` or `TrustedCertificates` properties within the `Server` property within the `TLS` property of the `SecurityPolicy` resource, the service shall verify the provided client certificate with the `SecurityPolicy` resource prior to verifying it with this collection.", 595d125652eSGunnar Mills "readonly": true, 596d125652eSGunnar Mills "versionAdded": "v1_12_0" 597d125652eSGunnar Mills }, 598d125652eSGunnar Mills "Enabled": { 599d125652eSGunnar Mills "description": "An indication of whether client certificate authentication is enabled.", 600d125652eSGunnar Mills "longDescription": "This property shall indicate whether client certificate authentication is enabled.", 601d125652eSGunnar Mills "readonly": false, 602d125652eSGunnar Mills "type": [ 603d125652eSGunnar Mills "boolean", 604d125652eSGunnar Mills "null" 605d125652eSGunnar Mills ], 606d125652eSGunnar Mills "versionAdded": "v1_12_0" 607d125652eSGunnar Mills }, 608d125652eSGunnar Mills "RespondToUnauthenticatedClients": { 609d125652eSGunnar Mills "description": "An indication of whether the service responds to clients that do not successfully authenticate.", 610d125652eSGunnar Mills "longDescription": "This property shall indicate whether the service responds to clients that do not successfully authenticate. If this property is not supported by the service, it shall be assumed to be `true`. 
See the 'Client certificate authentication' clause in the Redfish Specification.", 611d125652eSGunnar Mills "readonly": false, 612d125652eSGunnar Mills "type": [ 613d125652eSGunnar Mills "boolean", 614d125652eSGunnar Mills "null" 615d125652eSGunnar Mills ], 616d125652eSGunnar Mills "versionAdded": "v1_12_0" 617d125652eSGunnar Mills } 618d125652eSGunnar Mills }, 619d125652eSGunnar Mills "type": "object" 620d125652eSGunnar Mills }, 621d125652eSGunnar Mills "ExternalAccountProvider": { 622d125652eSGunnar Mills "additionalProperties": false, 623d125652eSGunnar Mills "description": "The external account provider services that can provide accounts for this manager to use for authentication.", 624d125652eSGunnar Mills "longDescription": "This type shall contain properties that represent external account provider services that can provide accounts for this manager to use for authentication.", 625d125652eSGunnar Mills "patternProperties": { 626d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 627d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 628d125652eSGunnar Mills "type": [ 629d125652eSGunnar Mills "array", 630d125652eSGunnar Mills "boolean", 631d125652eSGunnar Mills "integer", 632d125652eSGunnar Mills "number", 633d125652eSGunnar Mills "null", 634d125652eSGunnar Mills "object", 635d125652eSGunnar Mills "string" 636d125652eSGunnar Mills ] 637d125652eSGunnar Mills } 638d125652eSGunnar Mills }, 639d125652eSGunnar Mills "properties": { 640d125652eSGunnar Mills "AccountProviderType": { 641d125652eSGunnar Mills "anyOf": [ 642d125652eSGunnar Mills { 643d125652eSGunnar Mills "$ref": "#/definitions/AccountProviderTypes" 644d125652eSGunnar Mills }, 645d125652eSGunnar Mills { 646d125652eSGunnar Mills "type": "null" 647d125652eSGunnar Mills } 648d125652eSGunnar Mills ], 649d125652eSGunnar Mills "deprecated": "This property is deprecated because the account provider type is 
known when used in the `LDAP` and `ActiveDirectory` objects.", 650d125652eSGunnar Mills "description": "The type of external account provider to which this service connects.", 651d125652eSGunnar Mills "longDescription": "This property shall contain the type of external account provider to which this service connects.", 652d125652eSGunnar Mills "readonly": true, 653d125652eSGunnar Mills "versionAdded": "v1_3_0", 654d125652eSGunnar Mills "versionDeprecated": "v1_5_0" 655d125652eSGunnar Mills }, 656d125652eSGunnar Mills "Authentication": { 657d125652eSGunnar Mills "$ref": "#/definitions/Authentication", 658d125652eSGunnar Mills "description": "The authentication information for the external account provider.", 659d125652eSGunnar Mills "longDescription": "This property shall contain the authentication information for the external account provider.", 660d125652eSGunnar Mills "versionAdded": "v1_3_0" 661d125652eSGunnar Mills }, 662d125652eSGunnar Mills "Certificates": { 663d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection", 664d125652eSGunnar Mills "description": "The link to a collection of certificates that the external account provider uses.", 665d125652eSGunnar Mills "longDescription": "This property shall contain a link to a resource collection of type `CertificateCollection` that contains certificates the external account provider uses.", 666d125652eSGunnar Mills "readonly": true, 667d125652eSGunnar Mills "versionAdded": "v1_4_0" 668d125652eSGunnar Mills }, 669d125652eSGunnar Mills "LDAPService": { 670d125652eSGunnar Mills "$ref": "#/definitions/LDAPService", 671d125652eSGunnar Mills "description": "The additional mapping information needed to parse a generic LDAP service.", 672d125652eSGunnar Mills "longDescription": "This property shall contain any additional mapping information needed to parse a generic LDAP service. 
This property should only be present inside the `LDAP` property.", 673d125652eSGunnar Mills "versionAdded": "v1_3_0" 674d125652eSGunnar Mills }, 675d125652eSGunnar Mills "OAuth2Service": { 676d125652eSGunnar Mills "anyOf": [ 677d125652eSGunnar Mills { 678d125652eSGunnar Mills "$ref": "#/definitions/OAuth2Service" 679d125652eSGunnar Mills }, 680d125652eSGunnar Mills { 681d125652eSGunnar Mills "type": "null" 682d125652eSGunnar Mills } 683d125652eSGunnar Mills ], 684d125652eSGunnar Mills "description": "The additional information needed to parse an OAuth 2.0 service.", 685d125652eSGunnar Mills "longDescription": "This property shall contain additional information needed to parse an OAuth 2.0 service. This property should only be present inside an `OAuth2` property.", 686d125652eSGunnar Mills "versionAdded": "v1_10_0" 687d125652eSGunnar Mills }, 688d125652eSGunnar Mills "PasswordSet": { 689d125652eSGunnar Mills "description": "Indicates if the `Password` property is set.", 690d125652eSGunnar Mills "longDescription": "This property shall contain `true` if a valid value was provided for the `Password` property. Otherwise, the property shall contain `false`.", 691d125652eSGunnar Mills "readonly": true, 692d125652eSGunnar Mills "type": "boolean", 693d125652eSGunnar Mills "versionAdded": "v1_7_0" 694d125652eSGunnar Mills }, 695d125652eSGunnar Mills "Priority": { 696d125652eSGunnar Mills "description": "The authentication priority for the external account provider.", 697d125652eSGunnar Mills "longDescription": "This property shall contain the assigned priority for the specified external account provider. The value `0` shall indicate the highest priority. Increasing values shall represent decreasing priority. If an external provider does not have a priority assignment or two or more external providers have the same priority, the behavior shall be determined by the Redfish service. 
The priority is used to determine the order of authentication and authorization for each external account provider.", 698d125652eSGunnar Mills "minimum": 0, 699d125652eSGunnar Mills "readonly": false, 700d125652eSGunnar Mills "type": [ 701d125652eSGunnar Mills "integer", 702d125652eSGunnar Mills "null" 703d125652eSGunnar Mills ], 704d125652eSGunnar Mills "versionAdded": "v1_8_0" 705d125652eSGunnar Mills }, 706d125652eSGunnar Mills "RemoteRoleMapping": { 707d125652eSGunnar Mills "description": "The mapping rules to convert the external account provider's account information to the local Redfish role.", 708d125652eSGunnar Mills "items": { 709d125652eSGunnar Mills "anyOf": [ 710d125652eSGunnar Mills { 711d125652eSGunnar Mills "$ref": "#/definitions/RoleMapping" 712d125652eSGunnar Mills }, 713d125652eSGunnar Mills { 714d125652eSGunnar Mills "type": "null" 715d125652eSGunnar Mills } 716d125652eSGunnar Mills ] 717d125652eSGunnar Mills }, 718d125652eSGunnar Mills "longDescription": "This property shall contain a set of the mapping rules that are used to convert the external account provider's account information to the local Redfish role.", 719d125652eSGunnar Mills "type": "array", 720d125652eSGunnar Mills "versionAdded": "v1_3_0" 721d125652eSGunnar Mills }, 722d125652eSGunnar Mills "Retries": { 723d125652eSGunnar Mills "description": "The number of times to retry connecting to an address in the `ServiceAddresses` property before attempting the next address in the array.", 724d125652eSGunnar Mills "longDescription": "This property shall contain the number of retries to attempt a connection to an address in the `ServiceAddresses` property before attempting a connection to the next address in the array or giving up. 
If this property is not present, the service has internal policies for handling retries.", 725d125652eSGunnar Mills "readonly": false, 726d125652eSGunnar Mills "type": [ 727d125652eSGunnar Mills "integer", 728d125652eSGunnar Mills "null" 729d125652eSGunnar Mills ], 730d125652eSGunnar Mills "versionAdded": "v1_13_0" 731d125652eSGunnar Mills }, 732d125652eSGunnar Mills "ServiceAddresses": { 733d125652eSGunnar Mills "description": "The addresses of the user account providers to which this external account provider links. The format of this field depends on the type of external account provider.", 734d125652eSGunnar Mills "items": { 735d125652eSGunnar Mills "type": [ 736d125652eSGunnar Mills "string", 737d125652eSGunnar Mills "null" 738d125652eSGunnar Mills ] 739d125652eSGunnar Mills }, 740d125652eSGunnar Mills "longDescription": "This property shall contain the addresses of the account providers to which this external account provider links. The format of this field depends on the type of external account provider. Each item in the array shall contain a single address. 
Services can define their own behavior for managing multiple addresses.", 741d125652eSGunnar Mills "readonly": false, 742d125652eSGunnar Mills "type": "array", 743d125652eSGunnar Mills "versionAdded": "v1_3_0" 744d125652eSGunnar Mills }, 745d125652eSGunnar Mills "ServiceEnabled": { 746d125652eSGunnar Mills "description": "An indication of whether this service is enabled.", 747d125652eSGunnar Mills "longDescription": "This property shall indicate whether this service is enabled.", 748d125652eSGunnar Mills "readonly": false, 749d125652eSGunnar Mills "type": [ 750d125652eSGunnar Mills "boolean", 751d125652eSGunnar Mills "null" 752d125652eSGunnar Mills ], 753d125652eSGunnar Mills "versionAdded": "v1_3_0" 754d125652eSGunnar Mills }, 755d125652eSGunnar Mills "TACACSplusService": { 756d125652eSGunnar Mills "anyOf": [ 757d125652eSGunnar Mills { 758d125652eSGunnar Mills "$ref": "#/definitions/TACACSplusService" 759d125652eSGunnar Mills }, 760d125652eSGunnar Mills { 761d125652eSGunnar Mills "type": "null" 762d125652eSGunnar Mills } 763d125652eSGunnar Mills ], 764d125652eSGunnar Mills "description": "The additional information needed to parse a TACACS+ service.", 765d125652eSGunnar Mills "longDescription": "This property shall contain additional information needed to parse a TACACS+ service. This property should only be present inside a `TACACSplus` property.", 766d125652eSGunnar Mills "versionAdded": "v1_8_0" 767d125652eSGunnar Mills }, 768d125652eSGunnar Mills "TimeoutSeconds": { 769d125652eSGunnar Mills "description": "The period of time, in seconds, this account service will wait for a response from an address of a user account provider before timing out.", 770d125652eSGunnar Mills "longDescription": "This property shall contain the period of time, in seconds, this account service will wait for a response from an address of a user account provider before timing out. 
If this property is not present, the service has internal policies for handling timeouts.", 771d125652eSGunnar Mills "readonly": false, 772d125652eSGunnar Mills "type": [ 773d125652eSGunnar Mills "integer", 774d125652eSGunnar Mills "null" 775d125652eSGunnar Mills ], 776d125652eSGunnar Mills "versionAdded": "v1_13_0" 777d125652eSGunnar Mills } 778d125652eSGunnar Mills }, 779d125652eSGunnar Mills "type": "object" 780d125652eSGunnar Mills }, 781d125652eSGunnar Mills "GoogleAuthenticator": { 782d125652eSGunnar Mills "additionalProperties": false, 783d125652eSGunnar Mills "description": "Various settings for Google Authenticator multi-factor authentication.", 784d125652eSGunnar Mills "longDescription": "This type shall contain settings for Google Authenticator multi-factor authentication.", 785d125652eSGunnar Mills "patternProperties": { 786d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 787d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 788d125652eSGunnar Mills "type": [ 789d125652eSGunnar Mills "array", 790d125652eSGunnar Mills "boolean", 791d125652eSGunnar Mills "integer", 792d125652eSGunnar Mills "number", 793d125652eSGunnar Mills "null", 794d125652eSGunnar Mills "object", 795d125652eSGunnar Mills "string" 796d125652eSGunnar Mills ] 797d125652eSGunnar Mills } 798d125652eSGunnar Mills }, 799d125652eSGunnar Mills "properties": { 800d125652eSGunnar Mills "Enabled": { 801d125652eSGunnar Mills "description": "An indication of whether multi-factor authentication with Google Authenticator is enabled.", 802d125652eSGunnar Mills "longDescription": "This property shall indicate whether multi-factor authentication with Google Authenticator is enabled.", 803d125652eSGunnar Mills "readonly": false, 804d125652eSGunnar Mills "type": [ 805d125652eSGunnar Mills "boolean", 806d125652eSGunnar Mills "null" 807d125652eSGunnar Mills ], 808d125652eSGunnar Mills "versionAdded": 
"v1_12_0" 809d125652eSGunnar Mills }, 810d125652eSGunnar Mills "SecretKey": { 811d125652eSGunnar Mills "description": "The secret key to use when communicating with the Google Authenticator server. This property is `null` in responses.", 812d125652eSGunnar Mills "longDescription": "This property shall contain the client key to use when communicating with the Google Authenticator Server. The value shall be `null` in responses.", 813d125652eSGunnar Mills "readonly": false, 814d125652eSGunnar Mills "type": [ 815d125652eSGunnar Mills "string", 816d125652eSGunnar Mills "null" 817d125652eSGunnar Mills ], 818d125652eSGunnar Mills "versionAdded": "v1_12_0" 819d125652eSGunnar Mills }, 820d125652eSGunnar Mills "SecretKeySet": { 821d125652eSGunnar Mills "description": "Indicates if the `SecretKey` property is set.", 822d125652eSGunnar Mills "longDescription": "This property shall contain `true` if a valid value was provided for the `SecretKey` property. Otherwise, the property shall contain `false`.", 823d125652eSGunnar Mills "readonly": true, 824d125652eSGunnar Mills "type": "boolean", 825d125652eSGunnar Mills "versionAdded": "v1_12_0" 826d125652eSGunnar Mills } 827d125652eSGunnar Mills }, 828d125652eSGunnar Mills "type": "object" 829d125652eSGunnar Mills }, 830d125652eSGunnar Mills "LDAPSearchSettings": { 831d125652eSGunnar Mills "additionalProperties": false, 832d125652eSGunnar Mills "description": "The settings to search a generic LDAP service.", 833d125652eSGunnar Mills "longDescription": "This type shall contain all required settings to search a generic LDAP service.", 834d125652eSGunnar Mills "patternProperties": { 835d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 836d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 837d125652eSGunnar Mills "type": [ 838d125652eSGunnar Mills "array", 839d125652eSGunnar Mills "boolean", 840d125652eSGunnar Mills "integer", 
841d125652eSGunnar Mills "number", 842d125652eSGunnar Mills "null", 843d125652eSGunnar Mills "object", 844d125652eSGunnar Mills "string" 845d125652eSGunnar Mills ] 846d125652eSGunnar Mills } 847d125652eSGunnar Mills }, 848d125652eSGunnar Mills "properties": { 849d125652eSGunnar Mills "BaseDistinguishedNames": { 850d125652eSGunnar Mills "description": "The base distinguished names to use to search an external LDAP service.", 851d125652eSGunnar Mills "items": { 852d125652eSGunnar Mills "type": [ 853d125652eSGunnar Mills "string", 854d125652eSGunnar Mills "null" 855d125652eSGunnar Mills ] 856d125652eSGunnar Mills }, 857d125652eSGunnar Mills "longDescription": "This property shall contain an array of base distinguished names to use to search an external LDAP service.", 858d125652eSGunnar Mills "readonly": false, 859d125652eSGunnar Mills "type": "array", 860d125652eSGunnar Mills "versionAdded": "v1_3_0" 861d125652eSGunnar Mills }, 862d125652eSGunnar Mills "EmailAttribute": { 863d125652eSGunnar Mills "description": "The attribute name that contains the LDAP user's email address.", 864d125652eSGunnar Mills "longDescription": "This property shall contain the attribute name that contains the LDAP user's email address. 
If this value is not set by the user, or the property is not present, the value shall be `mail`.", 865d125652eSGunnar Mills "readonly": false, 866d125652eSGunnar Mills "type": [ 867d125652eSGunnar Mills "string", 868d125652eSGunnar Mills "null" 869d125652eSGunnar Mills ], 870d125652eSGunnar Mills "versionAdded": "v1_14_0" 871d125652eSGunnar Mills }, 872d125652eSGunnar Mills "GroupNameAttribute": { 873d125652eSGunnar Mills "description": "The attribute name that contains the LDAP group name entry.", 874d125652eSGunnar Mills "longDescription": "This property shall contain the attribute name that contains the LDAP group name.", 875d125652eSGunnar Mills "readonly": false, 876d125652eSGunnar Mills "type": [ 877d125652eSGunnar Mills "string", 878d125652eSGunnar Mills "null" 879d125652eSGunnar Mills ], 880d125652eSGunnar Mills "versionAdded": "v1_3_0" 881d125652eSGunnar Mills }, 882d125652eSGunnar Mills "GroupsAttribute": { 883d125652eSGunnar Mills "description": "The attribute name that contains the groups for a user on the LDAP user entry.", 884d125652eSGunnar Mills "longDescription": "This property shall contain the attribute name that contains the groups for an LDAP user entry.", 885d125652eSGunnar Mills "readonly": false, 886d125652eSGunnar Mills "type": [ 887d125652eSGunnar Mills "string", 888d125652eSGunnar Mills "null" 889d125652eSGunnar Mills ], 890d125652eSGunnar Mills "versionAdded": "v1_3_0" 891d125652eSGunnar Mills }, 892d125652eSGunnar Mills "SSHKeyAttribute": { 893d125652eSGunnar Mills "description": "The attribute name that contains the LDAP user's SSH public key entry.", 894d125652eSGunnar Mills "longDescription": "This property shall contain the attribute name that contains the LDAP user's SSH public key.", 895d125652eSGunnar Mills "readonly": false, 896d125652eSGunnar Mills "type": [ 897d125652eSGunnar Mills "string", 898d125652eSGunnar Mills "null" 899d125652eSGunnar Mills ], 900d125652eSGunnar Mills "versionAdded": "v1_11_0" 901d125652eSGunnar Mills 
}, 902d125652eSGunnar Mills "UsernameAttribute": { 903d125652eSGunnar Mills "description": "The attribute name that contains the LDAP username entry.", 904d125652eSGunnar Mills "longDescription": "This property shall contain the attribute name that contains the LDAP username.", 905d125652eSGunnar Mills "readonly": false, 906d125652eSGunnar Mills "type": [ 907d125652eSGunnar Mills "string", 908d125652eSGunnar Mills "null" 909d125652eSGunnar Mills ], 910d125652eSGunnar Mills "versionAdded": "v1_3_0" 911d125652eSGunnar Mills } 912d125652eSGunnar Mills }, 913d125652eSGunnar Mills "type": "object" 914d125652eSGunnar Mills }, 915d125652eSGunnar Mills "LDAPService": { 916d125652eSGunnar Mills "additionalProperties": false, 917d125652eSGunnar Mills "description": "The settings required to parse a generic LDAP service.", 918d125652eSGunnar Mills "longDescription": "This type shall contain all required settings to parse a generic LDAP service.", 919d125652eSGunnar Mills "patternProperties": { 920d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 921d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 922d125652eSGunnar Mills "type": [ 923d125652eSGunnar Mills "array", 924d125652eSGunnar Mills "boolean", 925d125652eSGunnar Mills "integer", 926d125652eSGunnar Mills "number", 927d125652eSGunnar Mills "null", 928d125652eSGunnar Mills "object", 929d125652eSGunnar Mills "string" 930d125652eSGunnar Mills ] 931d125652eSGunnar Mills } 932d125652eSGunnar Mills }, 933d125652eSGunnar Mills "properties": { 934d125652eSGunnar Mills "Oem": { 935d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 936d125652eSGunnar Mills "description": "The OEM extension property.", 937d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. 
All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 938d125652eSGunnar Mills "versionAdded": "v1_3_0" 939d125652eSGunnar Mills }, 940d125652eSGunnar Mills "SearchSettings": { 941d125652eSGunnar Mills "$ref": "#/definitions/LDAPSearchSettings", 942d125652eSGunnar Mills "description": "The required settings to search an external LDAP service.", 943d125652eSGunnar Mills "longDescription": "This property shall contain the required settings to search an external LDAP service.", 944d125652eSGunnar Mills "versionAdded": "v1_3_0" 945d125652eSGunnar Mills } 946d125652eSGunnar Mills }, 947d125652eSGunnar Mills "type": "object" 948d125652eSGunnar Mills }, 949d125652eSGunnar Mills "LocalAccountAuth": { 950d125652eSGunnar Mills "enum": [ 951d125652eSGunnar Mills "Enabled", 952d125652eSGunnar Mills "Disabled", 953d125652eSGunnar Mills "Fallback", 954d125652eSGunnar Mills "LocalFirst" 955d125652eSGunnar Mills ], 956d125652eSGunnar Mills "enumDescriptions": { 957d125652eSGunnar Mills "Disabled": "The service never authenticates users based on the account service-defined accounts collection.", 958d125652eSGunnar Mills "Enabled": "The service authenticates users based on the account service-defined accounts collection.", 959d125652eSGunnar Mills "Fallback": "The service authenticates users based on the account service-defined accounts collection only if any external account providers are currently unreachable.", 960d125652eSGunnar Mills "LocalFirst": "The service first authenticates users based on the account service-defined accounts collection. If authentication fails, the service authenticates by using external account providers." 
961d125652eSGunnar Mills }, 962d125652eSGunnar Mills "enumLongDescriptions": { 963d125652eSGunnar Mills "Disabled": "The service shall never authenticate users based on the account service-defined manager accounts resource collection.", 964d125652eSGunnar Mills "Enabled": "The service shall authenticate users based on the account service-defined manager accounts resource collection.", 965d125652eSGunnar Mills "Fallback": "The service shall authenticate users based on the account service-defined manager accounts resource collection only if any external account providers are currently unreachable.", 966d125652eSGunnar Mills "LocalFirst": "The service shall first authenticate users based on the account service-defined manager accounts resource collection. If authentication fails, the service shall authenticate by using external account providers." 967d125652eSGunnar Mills }, 968d125652eSGunnar Mills "enumVersionAdded": { 969d125652eSGunnar Mills "LocalFirst": "v1_6_0" 970d125652eSGunnar Mills }, 971d125652eSGunnar Mills "type": "string" 972d125652eSGunnar Mills }, 973d125652eSGunnar Mills "MFABypass": { 974d125652eSGunnar Mills "additionalProperties": false, 975d125652eSGunnar Mills "description": "Multi-factor authentication bypass settings.", 976d125652eSGunnar Mills "longDescription": "This type shall contain multi-factor authentication bypass settings.", 977d125652eSGunnar Mills "patternProperties": { 978d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 979d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 980d125652eSGunnar Mills "type": [ 981d125652eSGunnar Mills "array", 982d125652eSGunnar Mills "boolean", 983d125652eSGunnar Mills "integer", 984d125652eSGunnar Mills "number", 985d125652eSGunnar Mills "null", 986d125652eSGunnar Mills "object", 987d125652eSGunnar Mills "string" 988d125652eSGunnar Mills ] 989d125652eSGunnar Mills } 990d125652eSGunnar Mills }, 
991d125652eSGunnar Mills "properties": { 992d125652eSGunnar Mills "BypassTypes": { 993d125652eSGunnar Mills "description": "The types of multi-factor authentication this account or role mapping is allowed to bypass.", 994d125652eSGunnar Mills "items": { 995d125652eSGunnar Mills "anyOf": [ 996d125652eSGunnar Mills { 997d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/AccountService.json#/definitions/MFABypassType" 998d125652eSGunnar Mills }, 999d125652eSGunnar Mills { 1000d125652eSGunnar Mills "type": "null" 1001d125652eSGunnar Mills } 1002d125652eSGunnar Mills ] 1003d125652eSGunnar Mills }, 1004d125652eSGunnar Mills "longDescription": "This property shall contain the types of multi-factor authentication this account or role mapping is allowed to bypass. An empty array shall indicate this account or role mapping cannot bypass any multi-factor authentication types that are currently enabled.", 1005d125652eSGunnar Mills "readonly": false, 1006d125652eSGunnar Mills "type": "array", 1007d125652eSGunnar Mills "versionAdded": "v1_12_0" 1008d125652eSGunnar Mills } 1009d125652eSGunnar Mills }, 1010d125652eSGunnar Mills "type": "object" 1011d125652eSGunnar Mills }, 1012d125652eSGunnar Mills "MicrosoftAuthenticator": { 1013d125652eSGunnar Mills "additionalProperties": false, 1014d125652eSGunnar Mills "description": "Various settings for Microsoft Authenticator multi-factor authentication.", 1015d125652eSGunnar Mills "longDescription": "This type shall contain settings for Microsoft Authenticator multi-factor authentication.", 1016d125652eSGunnar Mills "patternProperties": { 1017d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1018d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1019d125652eSGunnar Mills "type": [ 1020d125652eSGunnar Mills "array", 1021d125652eSGunnar Mills "boolean", 1022d125652eSGunnar Mills "integer", 1023d125652eSGunnar Mills 
"number", 1024d125652eSGunnar Mills "null", 1025d125652eSGunnar Mills "object", 1026d125652eSGunnar Mills "string" 1027d125652eSGunnar Mills ] 1028d125652eSGunnar Mills } 1029d125652eSGunnar Mills }, 1030d125652eSGunnar Mills "properties": { 1031d125652eSGunnar Mills "Enabled": { 1032d125652eSGunnar Mills "description": "An indication of whether multi-factor authentication with Microsoft Authenticator is enabled.", 1033d125652eSGunnar Mills "longDescription": "This property shall indicate whether multi-factor authentication with Microsoft Authenticator is enabled.", 1034d125652eSGunnar Mills "readonly": false, 1035d125652eSGunnar Mills "type": [ 1036d125652eSGunnar Mills "boolean", 1037d125652eSGunnar Mills "null" 1038d125652eSGunnar Mills ], 1039d125652eSGunnar Mills "versionAdded": "v1_12_0" 1040d125652eSGunnar Mills }, 1041d125652eSGunnar Mills "SecretKey": { 1042d125652eSGunnar Mills "description": "The secret key to use when communicating with the Microsoft Authenticator server. This property is `null` in responses.", 1043d125652eSGunnar Mills "longDescription": "This property shall contain the client key to use when communicating with the Microsoft Authenticator server. The value shall be `null` in responses.", 1044d125652eSGunnar Mills "readonly": false, 1045d125652eSGunnar Mills "type": [ 1046d125652eSGunnar Mills "string", 1047d125652eSGunnar Mills "null" 1048d125652eSGunnar Mills ], 1049d125652eSGunnar Mills "versionAdded": "v1_12_0" 1050d125652eSGunnar Mills }, 1051d125652eSGunnar Mills "SecretKeySet": { 1052d125652eSGunnar Mills "description": "Indicates if the `SecretKey` property is set.", 1053d125652eSGunnar Mills "longDescription": "This property shall contain `true` if a valid value was provided for the `SecretKey` property. 
Otherwise, the property shall contain `false`.", 1054d125652eSGunnar Mills "readonly": true, 1055d125652eSGunnar Mills "type": "boolean", 1056d125652eSGunnar Mills "versionAdded": "v1_12_0" 1057d125652eSGunnar Mills } 1058d125652eSGunnar Mills }, 1059d125652eSGunnar Mills "type": "object" 1060d125652eSGunnar Mills }, 1061d125652eSGunnar Mills "MultiFactorAuth": { 1062d125652eSGunnar Mills "additionalProperties": false, 1063d125652eSGunnar Mills "description": "Multi-factor authentication settings.", 1064d125652eSGunnar Mills "longDescription": "This type shall contain multi-factor authentication settings.", 1065d125652eSGunnar Mills "patternProperties": { 1066d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1067d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1068d125652eSGunnar Mills "type": [ 1069d125652eSGunnar Mills "array", 1070d125652eSGunnar Mills "boolean", 1071d125652eSGunnar Mills "integer", 1072d125652eSGunnar Mills "number", 1073d125652eSGunnar Mills "null", 1074d125652eSGunnar Mills "object", 1075d125652eSGunnar Mills "string" 1076d125652eSGunnar Mills ] 1077d125652eSGunnar Mills } 1078d125652eSGunnar Mills }, 1079d125652eSGunnar Mills "properties": { 1080d125652eSGunnar Mills "ClientCertificate": { 1081d125652eSGunnar Mills "anyOf": [ 1082d125652eSGunnar Mills { 1083d125652eSGunnar Mills "$ref": "#/definitions/ClientCertificate" 1084d125652eSGunnar Mills }, 1085d125652eSGunnar Mills { 1086d125652eSGunnar Mills "type": "null" 1087d125652eSGunnar Mills } 1088d125652eSGunnar Mills ], 1089d125652eSGunnar Mills "description": "The settings related to client certificate authentication schemes such as mTLS or CAC/PIV.", 1090d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to client certificate authentication.", 1091d125652eSGunnar Mills "versionAdded": "v1_12_0" 1092d125652eSGunnar Mills }, 1093d125652eSGunnar 
Mills "GoogleAuthenticator": { 1094d125652eSGunnar Mills "anyOf": [ 1095d125652eSGunnar Mills { 1096d125652eSGunnar Mills "$ref": "#/definitions/GoogleAuthenticator" 1097d125652eSGunnar Mills }, 1098d125652eSGunnar Mills { 1099d125652eSGunnar Mills "type": "null" 1100d125652eSGunnar Mills } 1101d125652eSGunnar Mills ], 1102d125652eSGunnar Mills "description": "The settings related to Google Authenticator multi-factor authentication. For generic Time-Based One-Time Password (TOTP) multi-factor authentication, use the `TimeBasedOneTimePassword` property.", 1103d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to Google Authenticator multi-factor authentication.", 1104d125652eSGunnar Mills "versionAdded": "v1_12_0" 1105d125652eSGunnar Mills }, 1106d125652eSGunnar Mills "MicrosoftAuthenticator": { 1107d125652eSGunnar Mills "anyOf": [ 1108d125652eSGunnar Mills { 1109d125652eSGunnar Mills "$ref": "#/definitions/MicrosoftAuthenticator" 1110d125652eSGunnar Mills }, 1111d125652eSGunnar Mills { 1112d125652eSGunnar Mills "type": "null" 1113d125652eSGunnar Mills } 1114d125652eSGunnar Mills ], 1115d125652eSGunnar Mills "description": "The settings related to Microsoft Authenticator multi-factor authentication. 
For generic Time-Based One-Time Password (TOTP) multi-factor authentication, use the `TimeBasedOneTimePassword` property.", 1116d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to Microsoft Authenticator multi-factor authentication.", 1117d125652eSGunnar Mills "versionAdded": "v1_12_0" 1118d125652eSGunnar Mills }, 1119d125652eSGunnar Mills "OneTimePasscode": { 1120d125652eSGunnar Mills "anyOf": [ 1121d125652eSGunnar Mills { 1122d125652eSGunnar Mills "$ref": "#/definitions/OneTimePasscode" 1123d125652eSGunnar Mills }, 1124d125652eSGunnar Mills { 1125d125652eSGunnar Mills "type": "null" 1126d125652eSGunnar Mills } 1127d125652eSGunnar Mills ], 1128d125652eSGunnar Mills "description": "The settings related to one-time passcode (OTP) multi-factor authentication.", 1129d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to one-time passcode multi-factor authentication.", 1130d125652eSGunnar Mills "versionAdded": "v1_14_0" 1131d125652eSGunnar Mills }, 1132d125652eSGunnar Mills "SecurID": { 1133d125652eSGunnar Mills "anyOf": [ 1134d125652eSGunnar Mills { 1135d125652eSGunnar Mills "$ref": "#/definitions/SecurID" 1136d125652eSGunnar Mills }, 1137d125652eSGunnar Mills { 1138d125652eSGunnar Mills "type": "null" 1139d125652eSGunnar Mills } 1140d125652eSGunnar Mills ], 1141d125652eSGunnar Mills "description": "The settings related to RSA SecurID multi-factor authentication.", 1142d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to RSA SecurID multi-factor authentication.", 1143d125652eSGunnar Mills "versionAdded": "v1_12_0" 1144d125652eSGunnar Mills }, 1145d125652eSGunnar Mills "TimeBasedOneTimePassword": { 1146d125652eSGunnar Mills "anyOf": [ 1147d125652eSGunnar Mills { 1148d125652eSGunnar Mills "$ref": "#/definitions/TimeBasedOneTimePassword" 1149d125652eSGunnar Mills }, 1150d125652eSGunnar Mills { 1151d125652eSGunnar Mills "type": "null" 
1152d125652eSGunnar Mills } 1153d125652eSGunnar Mills ], 1154d125652eSGunnar Mills "description": "The settings related to Time-based One-Time Password (TOTP) multi-factor authentication.", 1155d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to RFC6238-defined Time-based One-Time Password (TOTP) multi-factor authentication.", 1156d125652eSGunnar Mills "versionAdded": "v1_16_0" 1157d125652eSGunnar Mills } 1158d125652eSGunnar Mills }, 1159d125652eSGunnar Mills "type": "object" 1160d125652eSGunnar Mills }, 1161d125652eSGunnar Mills "OAuth2Mode": { 1162d125652eSGunnar Mills "enum": [ 1163d125652eSGunnar Mills "Discovery", 1164d125652eSGunnar Mills "Offline" 1165d125652eSGunnar Mills ], 1166d125652eSGunnar Mills "enumDescriptions": { 1167d125652eSGunnar Mills "Discovery": "OAuth 2.0 service information for token validation is downloaded by the service.", 1168d125652eSGunnar Mills "Offline": "OAuth 2.0 service information for token validation is configured by a client. Clients should configure the `Issuer` and `OAuthServiceSigningKeys` properties for this mode." 1169d125652eSGunnar Mills }, 1170d125652eSGunnar Mills "enumLongDescriptions": { 1171d125652eSGunnar Mills "Discovery": "This value shall indicate the service performs token validation from information found at the URIs specified by the `ServiceAddresses` property. Services shall implement a caching method of this information so it's not necessary to retrieve metadata and key information for every request containing a token.", 1172d125652eSGunnar Mills "Offline": "This value shall indicate the service performs token validation from properties configured by a client. Clients should configure the `Issuer` and `OAuthServiceSigningKeys` properties for this mode." 
1173d125652eSGunnar Mills }, 1174d125652eSGunnar Mills "type": "string" 1175d125652eSGunnar Mills }, 1176d125652eSGunnar Mills "OAuth2Service": { 1177d125652eSGunnar Mills "additionalProperties": false, 1178d125652eSGunnar Mills "description": "Various settings to parse an OAuth 2.0 service.", 1179d125652eSGunnar Mills "longDescription": "This type shall contain settings for parsing an OAuth 2.0 service.", 1180d125652eSGunnar Mills "patternProperties": { 1181d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1182d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1183d125652eSGunnar Mills "type": [ 1184d125652eSGunnar Mills "array", 1185d125652eSGunnar Mills "boolean", 1186d125652eSGunnar Mills "integer", 1187d125652eSGunnar Mills "number", 1188d125652eSGunnar Mills "null", 1189d125652eSGunnar Mills "object", 1190d125652eSGunnar Mills "string" 1191d125652eSGunnar Mills ] 1192d125652eSGunnar Mills } 1193d125652eSGunnar Mills }, 1194d125652eSGunnar Mills "properties": { 1195d125652eSGunnar Mills "Audience": { 1196d125652eSGunnar Mills "description": "The allowable audience strings of the Redfish service.", 1197d125652eSGunnar Mills "items": { 1198d125652eSGunnar Mills "type": "string" 1199d125652eSGunnar Mills }, 1200d125652eSGunnar Mills "longDescription": "This property shall contain an array of allowable RFC7519-defined audience strings of the Redfish service. The values shall uniquely identify the Redfish service. For example, a MAC address or UUID for the manager can uniquely identify the service.", 1201d125652eSGunnar Mills "readonly": true, 1202d125652eSGunnar Mills "type": "array", 1203d125652eSGunnar Mills "versionAdded": "v1_10_0" 1204d125652eSGunnar Mills }, 1205d125652eSGunnar Mills "Issuer": { 1206d125652eSGunnar Mills "description": "The issuer string of the OAuth 2.0 service. 
Clients should configure this property if `Mode` contains `Offline`.", 1207d125652eSGunnar Mills "longDescription": "This property shall contain the RFC8414-defined issuer string of the OAuth 2.0 service. If the `Mode` property contains the value `Discovery`, this property shall contain the value of the `issuer` string from the OAuth 2.0 service's metadata and this property shall be read-only. Clients should configure this property if `Mode` contains `Offline`.", 1208d125652eSGunnar Mills "readonly": false, 1209d125652eSGunnar Mills "type": [ 1210d125652eSGunnar Mills "string", 1211d125652eSGunnar Mills "null" 1212d125652eSGunnar Mills ], 1213d125652eSGunnar Mills "versionAdded": "v1_10_0" 1214d125652eSGunnar Mills }, 1215d125652eSGunnar Mills "Mode": { 1216d125652eSGunnar Mills "$ref": "#/definitions/OAuth2Mode", 1217d125652eSGunnar Mills "description": "The mode of operation for token validation.", 1218d125652eSGunnar Mills "longDescription": "This property shall contain the mode of operation for token validation.", 1219d125652eSGunnar Mills "readonly": false, 1220d125652eSGunnar Mills "versionAdded": "v1_10_0" 1221d125652eSGunnar Mills }, 1222d125652eSGunnar Mills "OAuthServiceSigningKeys": { 1223d125652eSGunnar Mills "description": "The Base64-encoded signing keys of the issuer of the OAuth 2.0 service. Clients should configure this property if `Mode` contains `Offline`.", 1224d125652eSGunnar Mills "longDescription": "This property shall contain a Base64-encoded string, with padding characters, of the RFC7517-defined signing keys of the issuer of the OAuth 2.0 service. Services shall verify the token provided in the `Authorization` header of the request with the value of this property. If the `Mode` property contains the value `Discovery`, this property shall contain the keys found at the URI specified by the `jwks_uri` string from the OAuth 2.0 service's metadata and this property shall be read-only. 
Clients should configure this property if `Mode` contains `Offline`.", 1225d125652eSGunnar Mills "readonly": false, 1226d125652eSGunnar Mills "type": [ 1227d125652eSGunnar Mills "string", 1228d125652eSGunnar Mills "null" 1229d125652eSGunnar Mills ], 1230d125652eSGunnar Mills "versionAdded": "v1_10_0" 1231d125652eSGunnar Mills }, 1232d125652eSGunnar Mills "Oem": { 1233d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 1234d125652eSGunnar Mills "description": "The OEM extension property.", 1235d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 1236d125652eSGunnar Mills "versionAdded": "v1_13_0" 1237d125652eSGunnar Mills } 1238d125652eSGunnar Mills }, 1239d125652eSGunnar Mills "type": "object" 1240d125652eSGunnar Mills }, 1241d125652eSGunnar Mills "OemActions": { 1242d125652eSGunnar Mills "additionalProperties": true, 1243d125652eSGunnar Mills "description": "The available OEM-specific actions for this resource.", 1244d125652eSGunnar Mills "longDescription": "This type shall contain the available OEM-specific actions for this resource.", 1245d125652eSGunnar Mills "patternProperties": { 1246d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1247d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1248d125652eSGunnar Mills "type": [ 1249d125652eSGunnar Mills "array", 1250d125652eSGunnar Mills "boolean", 1251d125652eSGunnar Mills "integer", 1252d125652eSGunnar Mills "number", 1253d125652eSGunnar Mills "null", 1254d125652eSGunnar Mills "object", 1255d125652eSGunnar Mills "string" 1256d125652eSGunnar Mills ] 1257d125652eSGunnar Mills } 1258d125652eSGunnar Mills }, 1259d125652eSGunnar Mills "properties": {}, 1260d125652eSGunnar Mills "type": "object" 1261d125652eSGunnar 
Mills }, 1262d125652eSGunnar Mills "OneTimePasscode": { 1263d125652eSGunnar Mills "additionalProperties": false, 1264d125652eSGunnar Mills "description": "Various settings for one-time passcode (OTP) multi-factor authentication.", 1265d125652eSGunnar Mills "longDescription": "This type shall contain settings for one-time passcode (OTP) multi-factor authentication.", 1266d125652eSGunnar Mills "patternProperties": { 1267d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1268d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1269d125652eSGunnar Mills "type": [ 1270d125652eSGunnar Mills "array", 1271d125652eSGunnar Mills "boolean", 1272d125652eSGunnar Mills "integer", 1273d125652eSGunnar Mills "number", 1274d125652eSGunnar Mills "null", 1275d125652eSGunnar Mills "object", 1276d125652eSGunnar Mills "string" 1277d125652eSGunnar Mills ] 1278d125652eSGunnar Mills } 1279d125652eSGunnar Mills }, 1280d125652eSGunnar Mills "properties": { 1281d125652eSGunnar Mills "Enabled": { 1282d125652eSGunnar Mills "description": "An indication of whether multi-factor authentication using a one-time passcode is enabled.", 1283d125652eSGunnar Mills "longDescription": "This property shall indicate whether multi-factor authentication using a one-time passcode is enabled. The passcode is sent to the delivery address associated with the account credentials provided in the request. If the credentials are associated with a `ManagerAccount` resource, the delivery address is specified by the `OneTimePasscodeDeliveryAddress` property. If the credentials are associated with a user from an LDAP account provider, the delivery address is contained in the LDAP attribute specified by the `EmailAttribute` property. 
An attempt to create a session when the `Token` property is not included in the request shall generate a message sent to the delivery address, using the SMTP settings from the Redfish event service, containing a one-time passcode. The service shall accept the one-time passcode as the valid value for the `Token` property in the next `POST` operation to create a session for the respective account.", 1284d125652eSGunnar Mills "readonly": false, 1285d125652eSGunnar Mills "type": [ 1286d125652eSGunnar Mills "boolean", 1287d125652eSGunnar Mills "null" 1288d125652eSGunnar Mills ], 1289d125652eSGunnar Mills "versionAdded": "v1_14_0" 1290d125652eSGunnar Mills } 1291d125652eSGunnar Mills }, 1292d125652eSGunnar Mills "type": "object" 1293d125652eSGunnar Mills }, 1294d125652eSGunnar Mills "RoleMapping": { 1295d125652eSGunnar Mills "additionalProperties": false, 1296d125652eSGunnar Mills "description": "The mapping rules that are used to convert the external account provider's account information to the local Redfish role.", 1297d125652eSGunnar Mills "longDescription": "This type shall contain mapping rules that are used to convert the external account provider's account information to the local Redfish role.", 1298d125652eSGunnar Mills "patternProperties": { 1299d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1300d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1301d125652eSGunnar Mills "type": [ 1302d125652eSGunnar Mills "array", 1303d125652eSGunnar Mills "boolean", 1304d125652eSGunnar Mills "integer", 1305d125652eSGunnar Mills "number", 1306d125652eSGunnar Mills "null", 1307d125652eSGunnar Mills "object", 1308d125652eSGunnar Mills "string" 1309d125652eSGunnar Mills ] 1310d125652eSGunnar Mills } 1311d125652eSGunnar Mills }, 1312d125652eSGunnar Mills "properties": { 1313d125652eSGunnar Mills "LocalAccountTypes": { 1314d125652eSGunnar Mills "description": "The list of 
local services in the manager that the remote user or group is allowed to access.", 1315d125652eSGunnar Mills "items": { 1316d125652eSGunnar Mills "anyOf": [ 1317d125652eSGunnar Mills { 1318d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/ManagerAccount.json#/definitions/AccountTypes" 1319d125652eSGunnar Mills }, 1320d125652eSGunnar Mills { 1321d125652eSGunnar Mills "type": "null" 1322d125652eSGunnar Mills } 1323d125652eSGunnar Mills ] 1324d125652eSGunnar Mills }, 1325d125652eSGunnar Mills "longDescription": "This property shall contain an array of the various local manager services that the remote user or group is allowed to access. This shall not include functionality for receiving events or other notifications. If this property is not supported, the value shall be assumed to be an array that contains the value `Redfish`.", 1326d125652eSGunnar Mills "readonly": false, 1327d125652eSGunnar Mills "type": "array", 1328d125652eSGunnar Mills "versionAdded": "v1_16_0" 1329d125652eSGunnar Mills }, 1330d125652eSGunnar Mills "LocalOEMAccountTypes": { 1331d125652eSGunnar Mills "description": "The OEM account types for the remote user or group.", 1332d125652eSGunnar Mills "items": { 1333d125652eSGunnar Mills "type": [ 1334d125652eSGunnar Mills "string", 1335d125652eSGunnar Mills "null" 1336d125652eSGunnar Mills ] 1337d125652eSGunnar Mills }, 1338d125652eSGunnar Mills "longDescription": "This property shall contain an array of the OEM account types for the remote user or group when `LocalAccountTypes` contains `OEM`.", 1339d125652eSGunnar Mills "readonly": false, 1340d125652eSGunnar Mills "type": "array", 1341d125652eSGunnar Mills "versionAdded": "v1_16_0" 1342d125652eSGunnar Mills }, 1343d125652eSGunnar Mills "LocalRole": { 1344d125652eSGunnar Mills "description": "The name of the local Redfish role to which to map the remote user or group.", 1345d125652eSGunnar Mills "longDescription": "This property shall contain the `RoleId` property value within a role 
resource on this Redfish service to which to map the remote user or group.", 1346d125652eSGunnar Mills "readonly": false, 1347d125652eSGunnar Mills "type": [ 1348d125652eSGunnar Mills "string", 1349d125652eSGunnar Mills "null" 1350d125652eSGunnar Mills ], 1351d125652eSGunnar Mills "versionAdded": "v1_3_0" 1352d125652eSGunnar Mills }, 1353d125652eSGunnar Mills "MFABypass": { 1354d125652eSGunnar Mills "anyOf": [ 1355d125652eSGunnar Mills { 1356d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/AccountService.json#/definitions/MFABypass" 1357d125652eSGunnar Mills }, 1358d125652eSGunnar Mills { 1359d125652eSGunnar Mills "type": "null" 1360d125652eSGunnar Mills } 1361d125652eSGunnar Mills ], 1362d125652eSGunnar Mills "description": "The multi-factor authentication bypass settings.", 1363d125652eSGunnar Mills "longDescription": "This property shall contain the multi-factor authentication bypass settings.", 1364d125652eSGunnar Mills "versionAdded": "v1_12_0" 1365d125652eSGunnar Mills }, 1366d125652eSGunnar Mills "Oem": { 1367d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 1368d125652eSGunnar Mills "description": "The OEM extension property.", 1369d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. 
All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 1370d125652eSGunnar Mills "versionAdded": "v1_3_0" 1371d125652eSGunnar Mills }, 1372d125652eSGunnar Mills "RemoteGroup": { 1373d125652eSGunnar Mills "description": "The name of the remote group, or the remote role in the case of a Redfish service, that maps to the local Redfish role to which this entity links.", 1374d125652eSGunnar Mills "longDescription": "This property shall contain the name of the remote group, or the remote role in the case of a Redfish service, that maps to the local Redfish role to which this entity links.", 1375d125652eSGunnar Mills "readonly": false, 1376d125652eSGunnar Mills "type": [ 1377d125652eSGunnar Mills "string", 1378d125652eSGunnar Mills "null" 1379d125652eSGunnar Mills ], 1380d125652eSGunnar Mills "versionAdded": "v1_3_0" 1381d125652eSGunnar Mills }, 1382d125652eSGunnar Mills "RemoteUser": { 1383d125652eSGunnar Mills "description": "The name of the remote user that maps to the local Redfish role to which this entity links.", 1384d125652eSGunnar Mills "longDescription": "This property shall contain the name of the remote user that maps to the local Redfish role to which this entity links.", 1385d125652eSGunnar Mills "readonly": false, 1386d125652eSGunnar Mills "type": [ 1387d125652eSGunnar Mills "string", 1388d125652eSGunnar Mills "null" 1389d125652eSGunnar Mills ], 1390d125652eSGunnar Mills "versionAdded": "v1_3_0" 1391d125652eSGunnar Mills } 1392d125652eSGunnar Mills }, 1393d125652eSGunnar Mills "type": "object" 1394d125652eSGunnar Mills }, 1395d125652eSGunnar Mills "SecurID": { 1396d125652eSGunnar Mills "additionalProperties": false, 1397d125652eSGunnar Mills "description": "Various settings for RSA SecurID multi-factor authentication.", 1398d125652eSGunnar Mills "longDescription": "This type shall contain settings for RSA SecurID multi-factor authentication.", 1399d125652eSGunnar Mills "patternProperties": { 
1400d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1401d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1402d125652eSGunnar Mills "type": [ 1403d125652eSGunnar Mills "array", 1404d125652eSGunnar Mills "boolean", 1405d125652eSGunnar Mills "integer", 1406d125652eSGunnar Mills "number", 1407d125652eSGunnar Mills "null", 1408d125652eSGunnar Mills "object", 1409d125652eSGunnar Mills "string" 1410d125652eSGunnar Mills ] 1411d125652eSGunnar Mills } 1412d125652eSGunnar Mills }, 1413d125652eSGunnar Mills "properties": { 1414d125652eSGunnar Mills "Certificates": { 1415d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection", 1416d125652eSGunnar Mills "description": "The link to a collection of server certificates for the RSA SecurID server referenced by the `ServerURI` property.", 1417d125652eSGunnar Mills "longDescription": "This property shall contain a link to a resource collection of type `CertificateCollection` that represent the server certificates for the RSA SecurID server referenced by the `ServerURI` property. 
Regardless of the contents of this collection, services may perform additional verification based on other factors, such as the configuration of the `SecurityPolicy` resource.", 1418d125652eSGunnar Mills "readonly": true, 1419d125652eSGunnar Mills "versionAdded": "v1_12_0" 1420d125652eSGunnar Mills }, 1421d125652eSGunnar Mills "ClientId": { 1422d125652eSGunnar Mills "description": "The client ID to use when communicating with the RSA SecurID server.", 1423d125652eSGunnar Mills "longDescription": "This property shall contain the client ID to use when communicating with the RSA SecurID server.", 1424d125652eSGunnar Mills "readonly": false, 1425d125652eSGunnar Mills "type": [ 1426d125652eSGunnar Mills "string", 1427d125652eSGunnar Mills "null" 1428d125652eSGunnar Mills ], 1429d125652eSGunnar Mills "versionAdded": "v1_12_0" 1430d125652eSGunnar Mills }, 1431d125652eSGunnar Mills "ClientSecret": { 1432d125652eSGunnar Mills "description": "The client secret to use when communicating with the RSA SecurID server. This property is `null` in responses.", 1433d125652eSGunnar Mills "longDescription": "This property shall contain the client secret to use when communicating with the RSA SecurID server. The value shall be `null` in responses.", 1434d125652eSGunnar Mills "readonly": false, 1435d125652eSGunnar Mills "type": [ 1436d125652eSGunnar Mills "string", 1437d125652eSGunnar Mills "null" 1438d125652eSGunnar Mills ], 1439d125652eSGunnar Mills "versionAdded": "v1_12_0" 1440d125652eSGunnar Mills }, 1441d125652eSGunnar Mills "ClientSecretSet": { 1442d125652eSGunnar Mills "description": "Indicates if the `ClientSecret` property is set.", 1443d125652eSGunnar Mills "longDescription": "This property shall contain `true` if a valid value was provided for the `ClientSecret` property. 
Otherwise, the property shall contain `false`.", 1444d125652eSGunnar Mills "readonly": true, 1445d125652eSGunnar Mills "type": "boolean", 1446d125652eSGunnar Mills "versionAdded": "v1_12_0" 1447d125652eSGunnar Mills }, 1448d125652eSGunnar Mills "Enabled": { 1449d125652eSGunnar Mills "description": "An indication of whether multi-factor authentication with RSA SecurID is enabled.", 1450d125652eSGunnar Mills "longDescription": "This property shall indicate whether multi-factor authentication with RSA SecurID is enabled.", 1451d125652eSGunnar Mills "readonly": false, 1452d125652eSGunnar Mills "type": [ 1453d125652eSGunnar Mills "boolean", 1454d125652eSGunnar Mills "null" 1455d125652eSGunnar Mills ], 1456d125652eSGunnar Mills "versionAdded": "v1_12_0" 1457d125652eSGunnar Mills }, 1458d125652eSGunnar Mills "ServerURI": { 1459d125652eSGunnar Mills "description": "The URI of the RSA SecurID server.", 1460d125652eSGunnar Mills "format": "uri-reference", 1461d125652eSGunnar Mills "longDescription": "This property shall contain the URI of the RSA SecurID server.", 1462d125652eSGunnar Mills "readonly": false, 1463d125652eSGunnar Mills "type": [ 1464d125652eSGunnar Mills "string", 1465d125652eSGunnar Mills "null" 1466d125652eSGunnar Mills ], 1467d125652eSGunnar Mills "versionAdded": "v1_12_0" 1468d125652eSGunnar Mills } 1469d125652eSGunnar Mills }, 1470d125652eSGunnar Mills "type": "object" 1471d125652eSGunnar Mills }, 1472d125652eSGunnar Mills "TACACSplusPasswordExchangeProtocol": { 1473d125652eSGunnar Mills "enum": [ 1474d125652eSGunnar Mills "ASCII", 1475d125652eSGunnar Mills "PAP", 1476d125652eSGunnar Mills "CHAP", 1477d125652eSGunnar Mills "MSCHAPv1", 1478d125652eSGunnar Mills "MSCHAPv2" 1479d125652eSGunnar Mills ], 1480d125652eSGunnar Mills "enumDescriptions": { 1481d125652eSGunnar Mills "ASCII": "The ASCII Login method.", 1482d125652eSGunnar Mills "CHAP": "The CHAP Login method.", 1483d125652eSGunnar Mills "MSCHAPv1": "The MS-CHAP v1 Login method.", 1484d125652eSGunnar 
Mills "MSCHAPv2": "The MS-CHAP v2 Login method.", 1485d125652eSGunnar Mills "PAP": "The PAP Login method." 1486d125652eSGunnar Mills }, 1487d125652eSGunnar Mills "enumLongDescriptions": { 1488d125652eSGunnar Mills "ASCII": "This value shall indicate the ASCII Login flow as described under section 5.4.2 of RFC8907.", 1489d125652eSGunnar Mills "CHAP": "This value shall indicate the CHAP Login flow as described under section 5.4.2 of RFC8907.", 1490d125652eSGunnar Mills "MSCHAPv1": "This value shall indicate the MS-CHAP v1 Login flow as described under section 5.4.2 of RFC8907.", 1491d125652eSGunnar Mills "MSCHAPv2": "This value shall indicate the MS-CHAP v2 Login flow as described under section 5.4.2 of RFC8907.", 1492d125652eSGunnar Mills "PAP": "This value shall indicate the PAP Login flow as described under section 5.4.2 of RFC8907." 1493d125652eSGunnar Mills }, 1494d125652eSGunnar Mills "type": "string" 1495d125652eSGunnar Mills }, 1496d125652eSGunnar Mills "TACACSplusService": { 1497d125652eSGunnar Mills "additionalProperties": false, 1498d125652eSGunnar Mills "description": "Various settings to parse a TACACS+ service.", 1499d125652eSGunnar Mills "longDescription": "This type shall contain settings for parsing a TACACS+ service.", 1500d125652eSGunnar Mills "patternProperties": { 1501d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1502d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1503d125652eSGunnar Mills "type": [ 1504d125652eSGunnar Mills "array", 1505d125652eSGunnar Mills "boolean", 1506d125652eSGunnar Mills "integer", 1507d125652eSGunnar Mills "number", 1508d125652eSGunnar Mills "null", 1509d125652eSGunnar Mills "object", 1510d125652eSGunnar Mills "string" 1511d125652eSGunnar Mills ] 1512d125652eSGunnar Mills } 1513d125652eSGunnar Mills }, 1514d125652eSGunnar Mills "properties": { 1515d125652eSGunnar Mills "AuthorizationService": { 
1516d125652eSGunnar Mills "description": "The TACACS+ service authorization argument.", 1517d125652eSGunnar Mills "longDescription": "This property shall contain the TACACS+ service authorization argument as defined by section 8.2 of RFC8907. If this property is not present, the service defines the value to provide to the TACACS+ server.", 1518d125652eSGunnar Mills "readonly": false, 1519d125652eSGunnar Mills "type": "string", 1520d125652eSGunnar Mills "versionAdded": "v1_13_0" 1521d125652eSGunnar Mills }, 1522d125652eSGunnar Mills "Oem": { 1523d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 1524d125652eSGunnar Mills "description": "The OEM extension property.", 1525d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 1526d125652eSGunnar Mills "versionAdded": "v1_13_0" 1527d125652eSGunnar Mills }, 1528d125652eSGunnar Mills "PasswordExchangeProtocols": { 1529d125652eSGunnar Mills "description": "Indicates the allowed TACACS+ password exchange protocols.", 1530d125652eSGunnar Mills "items": { 1531d125652eSGunnar Mills "anyOf": [ 1532d125652eSGunnar Mills { 1533d125652eSGunnar Mills "$ref": "#/definitions/TACACSplusPasswordExchangeProtocol" 1534d125652eSGunnar Mills }, 1535d125652eSGunnar Mills { 1536d125652eSGunnar Mills "type": "null" 1537d125652eSGunnar Mills } 1538d125652eSGunnar Mills ] 1539d125652eSGunnar Mills }, 1540d125652eSGunnar Mills "longDescription": "This property shall indicate all the allowed TACACS+ password exchange protocols described under section 5.4.2 of RFC8907.", 1541d125652eSGunnar Mills "readonly": false, 1542d125652eSGunnar Mills "type": "array", 1543d125652eSGunnar Mills "versionAdded": "v1_8_0" 1544d125652eSGunnar Mills }, 1545d125652eSGunnar Mills "PrivilegeLevelArgument": { 1546d125652eSGunnar Mills "description": "Indicates the name
of the TACACS+ argument in an authorization request.", 1547d125652eSGunnar Mills "longDescription": "This property shall specify the name of the argument in a TACACS+ Authorization REPLY packet body, as defined in RFC8907, that contains the user's privilege level.", 1548d125652eSGunnar Mills "readonly": false, 1549d125652eSGunnar Mills "type": [ 1550d125652eSGunnar Mills "string", 1551d125652eSGunnar Mills "null" 1552d125652eSGunnar Mills ], 1553d125652eSGunnar Mills "versionAdded": "v1_8_0" 1554d125652eSGunnar Mills } 1555d125652eSGunnar Mills }, 1556d125652eSGunnar Mills "type": "object" 1557d125652eSGunnar Mills }, 1558d125652eSGunnar Mills "TimeBasedOneTimePassword": { 1559d125652eSGunnar Mills "additionalProperties": false, 1560d125652eSGunnar Mills "description": "Various settings for Time-based One-Time Password (TOTP) multi-factor authentication.", 1561d125652eSGunnar Mills "longDescription": "This type shall contain settings for RFC6238-defined Time-based One-Time Password (TOTP) multi-factor authentication.", 1562d125652eSGunnar Mills "patternProperties": { 1563d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1564d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1565d125652eSGunnar Mills "type": [ 1566d125652eSGunnar Mills "array", 1567d125652eSGunnar Mills "boolean", 1568d125652eSGunnar Mills "integer", 1569d125652eSGunnar Mills "number", 1570d125652eSGunnar Mills "null", 1571d125652eSGunnar Mills "object", 1572d125652eSGunnar Mills "string" 1573d125652eSGunnar Mills ] 1574d125652eSGunnar Mills } 1575d125652eSGunnar Mills }, 1576d125652eSGunnar Mills "properties": { 1577d125652eSGunnar Mills "Enabled": { 1578d125652eSGunnar Mills "description": "An indication of whether multi-factor authentication with a Time-based One-Time Password (TOTP) is enabled.", 1579d125652eSGunnar Mills "longDescription": "This property shall indicate whether
multi-factor authentication with an RFC6238-defined Time-based One-Time Password (TOTP) is enabled.", 1580d125652eSGunnar Mills "readonly": false, 1581d125652eSGunnar Mills "type": [ 1582d125652eSGunnar Mills "boolean", 1583d125652eSGunnar Mills "null" 1584d125652eSGunnar Mills ], 1585d125652eSGunnar Mills "versionAdded": "v1_16_0" 1586d125652eSGunnar Mills }, 1587d125652eSGunnar Mills "TimeStepSeconds": { 1588d125652eSGunnar Mills "description": "The time step, in seconds, for calculating the one-time password.", 1589d125652eSGunnar Mills "longDescription": "This property shall contain the RFC6238-defined time step, in seconds, for calculating the one-time password. If this property is not supported by the service, it shall be assumed to be `30`.", 1590d125652eSGunnar Mills "minimum": 1, 1591d125652eSGunnar Mills "readonly": false, 1592d125652eSGunnar Mills "type": [ 1593d125652eSGunnar Mills "integer", 1594d125652eSGunnar Mills "null" 1595d125652eSGunnar Mills ], 1596d125652eSGunnar Mills "versionAdded": "v1_16_0" 1597d125652eSGunnar Mills } 1598d125652eSGunnar Mills }, 1599d125652eSGunnar Mills "type": "object" 1600d125652eSGunnar Mills } 1601d125652eSGunnar Mills }, 1602d125652eSGunnar Mills "language": "en", 1603d125652eSGunnar Mills "owningEntity": "DMTF", 1604d125652eSGunnar Mills "release": "2025.1", 1605d125652eSGunnar Mills "title": "#AccountService.v1_18_0.AccountService" 1606d125652eSGunnar Mills}