1*d125652eSGunnar Mills{ 2*d125652eSGunnar Mills "$id": "http://redfish.dmtf.org/schemas/v1/AccountService.v1_18_0.json", 3*d125652eSGunnar Mills "$ref": "#/definitions/AccountService", 4*d125652eSGunnar Mills "$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json", 5*d125652eSGunnar Mills "copyright": "Copyright 2014-2025 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright", 6*d125652eSGunnar Mills "definitions": { 7*d125652eSGunnar Mills "AccountProviderTypes": { 8*d125652eSGunnar Mills "enum": [ 9*d125652eSGunnar Mills "RedfishService", 10*d125652eSGunnar Mills "ActiveDirectoryService", 11*d125652eSGunnar Mills "LDAPService", 12*d125652eSGunnar Mills "OEM", 13*d125652eSGunnar Mills "TACACSplus", 14*d125652eSGunnar Mills "OAuth2" 15*d125652eSGunnar Mills ], 16*d125652eSGunnar Mills "enumDescriptions": { 17*d125652eSGunnar Mills "ActiveDirectoryService": "An external Active Directory service.", 18*d125652eSGunnar Mills "LDAPService": "A generic external LDAP service.", 19*d125652eSGunnar Mills "OAuth2": "An external OAuth 2.0 service.", 20*d125652eSGunnar Mills "OEM": "An OEM-specific external authentication or directory service.", 21*d125652eSGunnar Mills "RedfishService": "An external Redfish service.", 22*d125652eSGunnar Mills "TACACSplus": "An external TACACS+ service." 23*d125652eSGunnar Mills }, 24*d125652eSGunnar Mills "enumLongDescriptions": { 25*d125652eSGunnar Mills "ActiveDirectoryService": "The external account provider shall be a Microsoft Active Directory Technical Specification-conformant service. The `ServiceAddresses` property shall contain fully qualified domain names (FQDN) or NetBIOS names that link to the domain servers for the Active Directory service.", 26*d125652eSGunnar Mills "LDAPService": "The external account provider shall be an RFC4511-conformant service. The `ServiceAddresses` property shall contain RFC3986-defined URIs in the format `scheme://host:port`, where `scheme://` and `:port` are optional, that link to the LDAP servers for the service. If the scheme is not specified, services shall assume it is `ldaps://`. If the port is not specified, services shall assume it is `636`. For example, `ldaps://contoso.com:636` or `contoso.com`.", 27*d125652eSGunnar Mills "OAuth2": "The external account provider shall be an RFC6749-conformant service. The `ServiceAddresses` property shall contain RFC3986-defined URIs that correspond to the RFC8414-defined metadata for the OAuth 2.0 service. For example, `https://contoso.org/.well-known/oauth-authorization-server`.", 28*d125652eSGunnar Mills "RedfishService": "The external account provider shall be a DMTF Redfish Specification-conformant service. The `ServiceAddresses` property shall contain URIs to `AccountService` resources that correspond to Redfish services. For example, `https://192.168.1.50/redfish/v1/AccountService`.", 29*d125652eSGunnar Mills "TACACSplus": "The external account provider shall be an RFC8907-conformant service. The `ServiceAddresses` property shall contain RFC3986-defined URIs in the format `host:port` that correspond to the TACACS+ services." 30*d125652eSGunnar Mills }, 31*d125652eSGunnar Mills "enumVersionAdded": { 32*d125652eSGunnar Mills "OAuth2": "v1_10_0", 33*d125652eSGunnar Mills "TACACSplus": "v1_8_0" 34*d125652eSGunnar Mills }, 35*d125652eSGunnar Mills "type": "string" 36*d125652eSGunnar Mills }, 37*d125652eSGunnar Mills "AccountService": { 38*d125652eSGunnar Mills "additionalProperties": false, 39*d125652eSGunnar Mills "description": "The `AccountService` schema defines an account service. The properties are common to, and enable management of, all user accounts. The properties include the password requirements and control features, such as account lockout. Properties and actions in this service specify general behavior that should be followed for typical accounts, however implementations might override these behaviors for special accounts or situations to avoid denial of service or other deadlock situations.", 40*d125652eSGunnar Mills "longDescription": "This resource shall represent an account service for a Redfish implementation. The properties are common to, and enable management of, all user accounts. The properties include the password requirements and control features, such as account lockout. Properties and actions in this service specify general behavior that should be followed for typical accounts, however implementations may override these behaviors for special accounts or situations to avoid denial of service or other deadlock situations.", 41*d125652eSGunnar Mills "patternProperties": { 42*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 43*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 44*d125652eSGunnar Mills "type": [ 45*d125652eSGunnar Mills "array", 46*d125652eSGunnar Mills "boolean", 47*d125652eSGunnar Mills "integer", 48*d125652eSGunnar Mills "number", 49*d125652eSGunnar Mills "null", 50*d125652eSGunnar Mills "object", 51*d125652eSGunnar Mills "string" 52*d125652eSGunnar Mills ] 53*d125652eSGunnar Mills } 54*d125652eSGunnar Mills }, 55*d125652eSGunnar Mills "properties": { 56*d125652eSGunnar Mills "@odata.context": { 57*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/context" 58*d125652eSGunnar Mills }, 59*d125652eSGunnar Mills "@odata.etag": { 60*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/etag" 61*d125652eSGunnar Mills }, 62*d125652eSGunnar Mills "@odata.id": { 63*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/id" 64*d125652eSGunnar Mills }, 65*d125652eSGunnar Mills "@odata.type": { 66*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/type" 67*d125652eSGunnar Mills }, 68*d125652eSGunnar Mills "AccountLockoutCounterResetAfter": { 69*d125652eSGunnar Mills "description": "The period of time, in seconds, between the last failed login attempt and the reset of the lockout threshold counter. This value must be less than or equal to the `AccountLockoutDuration` value. A reset sets the counter to `0`.", 70*d125652eSGunnar Mills "longDescription": "This property shall contain the period of time, in seconds, from the last failed login attempt when the `AccountLockoutThreshold` counter, which counts the number of failed login attempts, is reset to `0`. Then, `AccountLockoutThreshold` failures are required before the account is locked. This value shall be less than or equal to the `AccountLockoutDuration` value. The threshold counter also resets to `0` after each successful login. If the `AccountLockoutCounterResetEnabled` value is `false`, this property shall be ignored.", 71*d125652eSGunnar Mills "minimum": 0, 72*d125652eSGunnar Mills "readonly": false, 73*d125652eSGunnar Mills "type": "integer", 74*d125652eSGunnar Mills "units": "s" 75*d125652eSGunnar Mills }, 76*d125652eSGunnar Mills "AccountLockoutCounterResetEnabled": { 77*d125652eSGunnar Mills "description": "An indication of whether the threshold counter is reset after `AccountLockoutCounterResetAfter` expires. If `true`, it is reset. If `false`, only a successful login resets the threshold counter and if the user reaches the `AccountLockoutThreshold` limit, the account will be locked out indefinitely and only an administrator-issued reset clears the threshold counter. If this property is absent, the default is `true`.", 78*d125652eSGunnar Mills "longDescription": "This property shall indicate whether the threshold counter is reset after the `AccountLockoutCounterResetAfter` expires. If `true`, it is reset. If `false`, only a successful login resets the threshold counter and if the user reaches the `AccountLockoutThreshold` limit, the account shall be locked out indefinitely and only an administrator-issued reset clears the threshold counter. If this property is absent, the default is `true`.", 79*d125652eSGunnar Mills "readonly": false, 80*d125652eSGunnar Mills "type": "boolean", 81*d125652eSGunnar Mills "versionAdded": "v1_5_0" 82*d125652eSGunnar Mills }, 83*d125652eSGunnar Mills "AccountLockoutDuration": { 84*d125652eSGunnar Mills "description": "The period of time, in seconds, that an account is locked after the number of failed login attempts reaches the account lockout threshold, within the period between the last failed login attempt and the reset of the lockout threshold counter. If this value is `0`, no lockout will occur. If the `AccountLockoutCounterResetEnabled` value is `false`, this property is ignored.", 85*d125652eSGunnar Mills "longDescription": "This property shall contain the period of time, in seconds, that an account is locked after the number of failed login attempts reaches the `AccountLockoutThreshold` value, within the `AccountLockoutCounterResetAfter` window of time. The value shall be greater than or equal to the `AccountLockoutCounterResetAfter` value. If this value is `0`, no lockout shall occur. If `AccountLockoutCounterResetEnabled` value is `false`, this property shall be ignored.", 86*d125652eSGunnar Mills "minimum": 0, 87*d125652eSGunnar Mills "readonly": false, 88*d125652eSGunnar Mills "type": [ 89*d125652eSGunnar Mills "integer", 90*d125652eSGunnar Mills "null" 91*d125652eSGunnar Mills ], 92*d125652eSGunnar Mills "units": "s" 93*d125652eSGunnar Mills }, 94*d125652eSGunnar Mills "AccountLockoutThreshold": { 95*d125652eSGunnar Mills "description": "The number of allowed failed login attempts before a user account is locked for a specified duration. If `0`, the account is never locked.", 96*d125652eSGunnar Mills "longDescription": "This property shall contain the threshold of failed login attempts before a user account is locked. If `0`, the account shall never be locked.", 97*d125652eSGunnar Mills "minimum": 0, 98*d125652eSGunnar Mills "readonly": false, 99*d125652eSGunnar Mills "type": [ 100*d125652eSGunnar Mills "integer", 101*d125652eSGunnar Mills "null" 102*d125652eSGunnar Mills ] 103*d125652eSGunnar Mills }, 104*d125652eSGunnar Mills "Accounts": { 105*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/ManagerAccountCollection.json#/definitions/ManagerAccountCollection", 106*d125652eSGunnar Mills "description": "The collection of manager accounts.", 107*d125652eSGunnar Mills "longDescription": "This property shall contain a link to a resource collection of type `ManagerAccountCollection`.", 108*d125652eSGunnar Mills "readonly": true 109*d125652eSGunnar Mills }, 110*d125652eSGunnar Mills "Actions": { 111*d125652eSGunnar Mills "$ref": "#/definitions/Actions", 112*d125652eSGunnar Mills "description": "The available actions for this resource.", 113*d125652eSGunnar Mills "longDescription": "This property shall contain the available actions for this resource.", 114*d125652eSGunnar Mills "versionAdded": "v1_2_0" 115*d125652eSGunnar Mills }, 116*d125652eSGunnar Mills "ActiveDirectory": { 117*d125652eSGunnar Mills "$ref": "#/definitions/ExternalAccountProvider", 118*d125652eSGunnar Mills "description": "The first Active Directory external account provider that this account service supports.", 119*d125652eSGunnar Mills "longDescription": "This property shall contain the first Active Directory external account provider that this account service supports. If the account service supports one or more Active Directory services as an external account provider, this entity shall be populated by default. This entity shall not be present in the additional external account providers resource collection.", 120*d125652eSGunnar Mills "versionAdded": "v1_3_0" 121*d125652eSGunnar Mills }, 122*d125652eSGunnar Mills "AdditionalExternalAccountProviders": { 123*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/ExternalAccountProviderCollection.json#/definitions/ExternalAccountProviderCollection", 124*d125652eSGunnar Mills "description": "The additional external account providers that this account service uses.", 125*d125652eSGunnar Mills "longDescription": "This property shall contain a link to a resource collection of type `ExternalAccountProviderCollection` that represents the additional external account providers that this account service uses.", 126*d125652eSGunnar Mills "readonly": true, 127*d125652eSGunnar Mills "uriSegment": "ExternalAccountProviders", 128*d125652eSGunnar Mills "versionAdded": "v1_3_0" 129*d125652eSGunnar Mills }, 130*d125652eSGunnar Mills "AuthFailureLoggingThreshold": { 131*d125652eSGunnar Mills "description": "The number of authorization failures per account that are allowed before the failed attempt is logged to the manager log.", 132*d125652eSGunnar Mills "longDescription": "This property shall contain the threshold for when an authorization failure is logged. Logging shall occur after every `n` occurrences of an authorization failure on the same account, where `n` represents the value of this property. If the value is `0`, logging of authorization failures shall be disabled.", 133*d125652eSGunnar Mills "minimum": 0, 134*d125652eSGunnar Mills "readonly": false, 135*d125652eSGunnar Mills "type": "integer" 136*d125652eSGunnar Mills }, 137*d125652eSGunnar Mills "Description": { 138*d125652eSGunnar Mills "anyOf": [ 139*d125652eSGunnar Mills { 140*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Description" 141*d125652eSGunnar Mills }, 142*d125652eSGunnar Mills { 143*d125652eSGunnar Mills "type": "null" 144*d125652eSGunnar Mills } 145*d125652eSGunnar Mills ], 146*d125652eSGunnar Mills "readonly": true 147*d125652eSGunnar Mills }, 148*d125652eSGunnar Mills "EnforcePasswordHistoryCount": { 149*d125652eSGunnar Mills "description": "The number of unique new passwords that need to be associated with a user account before a previous password is accepted when modifying the password. If `0`, a user does not need to provide a unique new password.", 150*d125652eSGunnar Mills "longDescription": "This property shall contain the number of unique new passwords that need to be associated with a user account before a previous password is accepted when modifying the password. If not `0`, services shall reject modification requests of the `Password` property and `ChangePassword` actions that contain a previously used password in the specified count. If `0`, services shall not require the user to provide a unique new password. This property does not apply to accounts from external account providers.", 151*d125652eSGunnar Mills "minimum": 0, 152*d125652eSGunnar Mills "readonly": false, 153*d125652eSGunnar Mills "type": "integer", 154*d125652eSGunnar Mills "versionAdded": "v1_17_0" 155*d125652eSGunnar Mills }, 156*d125652eSGunnar Mills "HTTPBasicAuth": { 157*d125652eSGunnar Mills "anyOf": [ 158*d125652eSGunnar Mills { 159*d125652eSGunnar Mills "$ref": "#/definitions/BasicAuthState" 160*d125652eSGunnar Mills }, 161*d125652eSGunnar Mills { 162*d125652eSGunnar Mills "type": "null" 163*d125652eSGunnar Mills } 164*d125652eSGunnar Mills ], 165*d125652eSGunnar Mills "description": "Indicates if HTTP Basic authentication is enabled for this service.", 166*d125652eSGunnar Mills "longDescription": "This property shall indicate whether clients are able to authenticate to the Redfish service with HTTP Basic authentication. This property should default to `Enabled` for client compatibility. If this property is not present in responses, the value shall be assumed to be `Enabled`.", 167*d125652eSGunnar Mills "readonly": false, 168*d125652eSGunnar Mills "versionAdded": "v1_15_0" 169*d125652eSGunnar Mills }, 170*d125652eSGunnar Mills "Id": { 171*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Id", 172*d125652eSGunnar Mills "readonly": true 173*d125652eSGunnar Mills }, 174*d125652eSGunnar Mills "LDAP": { 175*d125652eSGunnar Mills "$ref": "#/definitions/ExternalAccountProvider", 176*d125652eSGunnar Mills "description": "The first LDAP external account provider that this account service supports.", 177*d125652eSGunnar Mills "longDescription": "This property shall contain the first LDAP external account provider that this account service supports. If the account service supports one or more LDAP services as an external account provider, this entity shall be populated by default. This entity shall not be present in the additional external account providers resource collection.", 178*d125652eSGunnar Mills "versionAdded": "v1_3_0" 179*d125652eSGunnar Mills }, 180*d125652eSGunnar Mills "LocalAccountAuth": { 181*d125652eSGunnar Mills "$ref": "#/definitions/LocalAccountAuth", 182*d125652eSGunnar Mills "description": "An indication of how the service uses the accounts collection within this account service as part of authentication. The enumerated values describe the details for each mode.", 183*d125652eSGunnar Mills "longDescription": "This property shall govern how the service uses the manager accounts resource collection within this account service as part of authentication. The enumerated values describe the details for each mode.", 184*d125652eSGunnar Mills "readonly": false, 185*d125652eSGunnar Mills "versionAdded": "v1_3_0" 186*d125652eSGunnar Mills }, 187*d125652eSGunnar Mills "MaxPasswordLength": { 188*d125652eSGunnar Mills "description": "The maximum password length for this account service.", 189*d125652eSGunnar Mills "longDescription": "This property shall contain the maximum password length that the implementation allows for this account service. This property does not apply to accounts from external account providers.", 190*d125652eSGunnar Mills "minimum": 0, 191*d125652eSGunnar Mills "readonly": false, 192*d125652eSGunnar Mills "type": "integer" 193*d125652eSGunnar Mills }, 194*d125652eSGunnar Mills "MinPasswordLength": { 195*d125652eSGunnar Mills "description": "The minimum password length for this account service.", 196*d125652eSGunnar Mills "longDescription": "This property shall contain the minimum password length that the implementation allows for this account service. This property does not apply to accounts from external account providers.", 197*d125652eSGunnar Mills "minimum": 0, 198*d125652eSGunnar Mills "readonly": false, 199*d125652eSGunnar Mills "type": "integer" 200*d125652eSGunnar Mills }, 201*d125652eSGunnar Mills "MultiFactorAuth": { 202*d125652eSGunnar Mills "anyOf": [ 203*d125652eSGunnar Mills { 204*d125652eSGunnar Mills "$ref": "#/definitions/MultiFactorAuth" 205*d125652eSGunnar Mills }, 206*d125652eSGunnar Mills { 207*d125652eSGunnar Mills "type": "null" 208*d125652eSGunnar Mills } 209*d125652eSGunnar Mills ], 210*d125652eSGunnar Mills "description": "The multi-factor authentication settings that this account service supports.", 211*d125652eSGunnar Mills "longDescription": "This property shall contain the multi-factor authentication settings that this account service supports.", 212*d125652eSGunnar Mills "versionAdded": "v1_12_0" 213*d125652eSGunnar Mills }, 214*d125652eSGunnar Mills "Name": { 215*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Name", 216*d125652eSGunnar Mills "readonly": true 217*d125652eSGunnar Mills }, 218*d125652eSGunnar Mills "OAuth2": { 219*d125652eSGunnar Mills "anyOf": [ 220*d125652eSGunnar Mills { 221*d125652eSGunnar Mills "$ref": "#/definitions/ExternalAccountProvider" 222*d125652eSGunnar Mills }, 223*d125652eSGunnar Mills { 224*d125652eSGunnar Mills "type": "null" 225*d125652eSGunnar Mills } 226*d125652eSGunnar Mills ], 227*d125652eSGunnar Mills "description": "The first OAuth 2.0 external account provider that this account service supports.", 228*d125652eSGunnar Mills "longDescription": "This property shall contain the first OAuth 2.0 external account provider that this account service supports. If the account service supports one or more OAuth 2.0 services as an external account provider, this entity shall be populated by default. This entity shall not be present in the additional external account providers resource collection.", 229*d125652eSGunnar Mills "versionAdded": "v1_10_0" 230*d125652eSGunnar Mills }, 231*d125652eSGunnar Mills "Oem": { 232*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 233*d125652eSGunnar Mills "description": "The OEM extension property.", 234*d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. All values for properties that this object contains shall conform to the Redfish Specification-described requirements." 235*d125652eSGunnar Mills }, 236*d125652eSGunnar Mills "OutboundConnections": { 237*d125652eSGunnar Mills "anyOf": [ 238*d125652eSGunnar Mills { 239*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/OutboundConnectionCollection.json#/definitions/OutboundConnectionCollection" 240*d125652eSGunnar Mills }, 241*d125652eSGunnar Mills { 242*d125652eSGunnar Mills "type": "null" 243*d125652eSGunnar Mills } 244*d125652eSGunnar Mills ], 245*d125652eSGunnar Mills "description": "The collection of outbound connection configurations.", 246*d125652eSGunnar Mills "longDescription": "This property shall contain a resource collection of type `OutboundConnectionCollection`.", 247*d125652eSGunnar Mills "versionAdded": "v1_14_0" 248*d125652eSGunnar Mills }, 249*d125652eSGunnar Mills "PasswordExpirationDays": { 250*d125652eSGunnar Mills "description": "The number of days before account passwords in this account service will expire.", 251*d125652eSGunnar Mills "longDescription": "This property shall contain the number of days before account passwords in this account service will expire. The value shall be applied during account creation and password modification unless the `PasswordExpiration` property is provided. The value `null` shall indicate that account passwords never expire. This property does not apply to accounts from external account providers.", 252*d125652eSGunnar Mills "readonly": false, 253*d125652eSGunnar Mills "type": [ 254*d125652eSGunnar Mills "integer", 255*d125652eSGunnar Mills "null" 256*d125652eSGunnar Mills ], 257*d125652eSGunnar Mills "versionAdded": "v1_9_0" 258*d125652eSGunnar Mills }, 259*d125652eSGunnar Mills "PasswordGuidanceMessage": { 260*d125652eSGunnar Mills "description": "Password creation guidance for manager accounts.", 261*d125652eSGunnar Mills "longDescription": "This property shall contain guidance for creating passwords that meet the password complexity or other related requirements for this service.", 262*d125652eSGunnar Mills "readonly": true, 263*d125652eSGunnar Mills "type": "string", 264*d125652eSGunnar Mills "versionAdded": "v1_18_0" 265*d125652eSGunnar Mills }, 266*d125652eSGunnar Mills "PasswordGuidanceMessageId": { 267*d125652eSGunnar Mills "description": "A `MessageId` that contains password creation guidance for manager accounts.", 268*d125652eSGunnar Mills "longDescription": "This property shall contain a `MessageId` value that contains guidance for creating passwords that meet the password complexity or other related requirements for this service. The value shall contain a `MessageId`, as defined in the 'MessageId format' clause of the Redfish Specification.", 269*d125652eSGunnar Mills "readonly": true, 270*d125652eSGunnar Mills "type": [ 271*d125652eSGunnar Mills "string", 272*d125652eSGunnar Mills "null" 273*d125652eSGunnar Mills ], 274*d125652eSGunnar Mills "versionAdded": "v1_18_0" 275*d125652eSGunnar Mills }, 276*d125652eSGunnar Mills "PrivilegeMap": { 277*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/PrivilegeRegistry.json#/definitions/PrivilegeRegistry", 278*d125652eSGunnar Mills "description": "The link to the mapping of the privileges required to complete a requested operation on a URI associated with this service.", 279*d125652eSGunnar Mills "longDescription": "This property shall contain a link to a resource of type `PrivilegeMapping` that contains the privileges that are required for a user context to complete a requested operation on a URI associated with this service.", 280*d125652eSGunnar Mills "readonly": true, 281*d125652eSGunnar Mills "versionAdded": "v1_1_0" 282*d125652eSGunnar Mills }, 283*d125652eSGunnar Mills "RequireChangePasswordAction": { 284*d125652eSGunnar Mills "description": "An indication of whether clients are required to invoke the `ChangePassword` action to modify account passwords.", 285*d125652eSGunnar Mills "longDescription": "This property shall indicate whether clients are required to invoke the `ChangePassword` action to modify the `Password` property in `ManagerAccount` resources. If `true`, services shall reject `PATCH` and `PUT` requests to modify the `Password` property in `ManagerAccount` resources.", 286*d125652eSGunnar Mills "readonly": false, 287*d125652eSGunnar Mills "type": [ 288*d125652eSGunnar Mills "boolean", 289*d125652eSGunnar Mills "null" 290*d125652eSGunnar Mills ], 291*d125652eSGunnar Mills "versionAdded": "v1_14_0" 292*d125652eSGunnar Mills }, 293*d125652eSGunnar Mills "RestrictedOemPrivileges": { 294*d125652eSGunnar Mills "description": "The set of restricted OEM privileges.", 295*d125652eSGunnar Mills "items": { 296*d125652eSGunnar Mills "type": "string" 297*d125652eSGunnar Mills }, 298*d125652eSGunnar Mills "longDescription": "This property shall contain an array of OEM privileges that are restricted by the service.", 299*d125652eSGunnar Mills "readonly": true, 300*d125652eSGunnar Mills "type": "array", 301*d125652eSGunnar Mills "versionAdded": "v1_8_0" 302*d125652eSGunnar Mills }, 303*d125652eSGunnar Mills "RestrictedPrivileges": { 304*d125652eSGunnar Mills "description": "The set of restricted Redfish privileges.", 305*d125652eSGunnar Mills "items": { 306*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Privileges.json#/definitions/PrivilegeType" 307*d125652eSGunnar Mills }, 308*d125652eSGunnar Mills "longDescription": "This property shall contain an array of Redfish privileges that are restricted by the service.", 309*d125652eSGunnar Mills "readonly": true, 310*d125652eSGunnar Mills "type": "array", 311*d125652eSGunnar Mills "versionAdded": "v1_8_0" 312*d125652eSGunnar Mills }, 313*d125652eSGunnar Mills "Roles": { 314*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/RoleCollection.json#/definitions/RoleCollection", 315*d125652eSGunnar Mills "description": "The collection of Redfish roles.", 316*d125652eSGunnar Mills "longDescription": "This property shall contain a link to a resource collection of type `RoleCollection`.", 317*d125652eSGunnar Mills "readonly": true 318*d125652eSGunnar Mills }, 319*d125652eSGunnar Mills "ServiceEnabled": { 320*d125652eSGunnar Mills "description": "An indication of whether the account service is enabled. If `true`, it is enabled. If `false`, it is disabled and users cannot be created, deleted, or modified, and new sessions cannot be started. However, established sessions might still continue to run. Any service, such as the session service, that attempts to access the disabled account service fails. However, this does not affect HTTP Basic Authentication connections.", 321*d125652eSGunnar Mills "longDescription": "This property shall indicate whether the account service is enabled. If `true`, it is enabled. If `false`, it is disabled and users cannot be created, deleted, or modified, and new sessions cannot be started. However, established sessions may still continue to run. Any service, such as the session service, that attempts to access the disabled account service fails. However, this does not affect HTTP Basic Authentication connections.", 322*d125652eSGunnar Mills "readonly": false, 323*d125652eSGunnar Mills "type": [ 324*d125652eSGunnar Mills "boolean", 325*d125652eSGunnar Mills "null" 326*d125652eSGunnar Mills ] 327*d125652eSGunnar Mills }, 328*d125652eSGunnar Mills "Status": { 329*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Status", 330*d125652eSGunnar Mills "description": "The status and health of the resource and its subordinate or dependent resources.", 331*d125652eSGunnar Mills "longDescription": "This property shall contain any status or health properties of the resource." 332*d125652eSGunnar Mills }, 333*d125652eSGunnar Mills "SupportedAccountTypes": { 334*d125652eSGunnar Mills "description": "The account types supported by the service.", 335*d125652eSGunnar Mills "items": { 336*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/ManagerAccount.json#/definitions/AccountTypes" 337*d125652eSGunnar Mills }, 338*d125652eSGunnar Mills "longDescription": "This property shall contain an array of the account types supported by the service.", 339*d125652eSGunnar Mills "readonly": true, 340*d125652eSGunnar Mills "type": "array", 341*d125652eSGunnar Mills "versionAdded": "v1_8_0" 342*d125652eSGunnar Mills }, 343*d125652eSGunnar Mills "SupportedOEMAccountTypes": { 344*d125652eSGunnar Mills "description": "The OEM account types supported by the service.", 345*d125652eSGunnar Mills "items": { 346*d125652eSGunnar Mills "type": "string" 347*d125652eSGunnar Mills }, 348*d125652eSGunnar Mills "longDescription": "This property shall contain an array of the OEM account types supported by the service.", 349*d125652eSGunnar Mills "readonly": true, 350*d125652eSGunnar Mills "type": "array", 351*d125652eSGunnar Mills "versionAdded": "v1_8_0" 352*d125652eSGunnar Mills }, 353*d125652eSGunnar Mills "TACACSplus": { 354*d125652eSGunnar Mills "anyOf": [ 355*d125652eSGunnar Mills { 356*d125652eSGunnar Mills "$ref": "#/definitions/ExternalAccountProvider" 357*d125652eSGunnar Mills }, 358*d125652eSGunnar Mills { 359*d125652eSGunnar Mills "type": "null" 360*d125652eSGunnar Mills } 361*d125652eSGunnar Mills ], 362*d125652eSGunnar Mills "description": "The first TACACS+ external account provider that this account service supports.", 363*d125652eSGunnar Mills "longDescription": "This property shall contain the first TACACS+ external account provider that this account service supports. If the account service supports one or more TACACS+ services as an external account provider, this entity shall be populated by default. This entity shall not be present in the additional external account providers resource collection.", 364*d125652eSGunnar Mills "versionAdded": "v1_8_0" 365*d125652eSGunnar Mills } 366*d125652eSGunnar Mills }, 367*d125652eSGunnar Mills "required": [ 368*d125652eSGunnar Mills "@odata.id", 369*d125652eSGunnar Mills "@odata.type", 370*d125652eSGunnar Mills "Id", 371*d125652eSGunnar Mills "Name" 372*d125652eSGunnar Mills ], 373*d125652eSGunnar Mills "type": "object" 374*d125652eSGunnar Mills }, 375*d125652eSGunnar Mills "Actions": { 376*d125652eSGunnar Mills "additionalProperties": false, 377*d125652eSGunnar Mills "description": "The available actions for this resource.", 378*d125652eSGunnar Mills "longDescription": "This type shall contain the available actions for this resource.", 379*d125652eSGunnar Mills "patternProperties": { 380*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 381*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 382*d125652eSGunnar Mills "type": [ 383*d125652eSGunnar Mills "array", 384*d125652eSGunnar Mills "boolean", 385*d125652eSGunnar Mills "integer", 386*d125652eSGunnar Mills "number", 387*d125652eSGunnar Mills "null", 388*d125652eSGunnar Mills "object", 389*d125652eSGunnar Mills "string" 390*d125652eSGunnar Mills ] 391*d125652eSGunnar Mills } 392*d125652eSGunnar Mills }, 393*d125652eSGunnar Mills "properties": { 394*d125652eSGunnar Mills "Oem": { 395*d125652eSGunnar Mills "$ref": "#/definitions/OemActions", 396*d125652eSGunnar Mills "description": "The available OEM-specific actions for this resource.", 397*d125652eSGunnar Mills "longDescription": "This property shall contain the available OEM-specific actions for this resource.", 398*d125652eSGunnar Mills "versionAdded": "v1_2_0" 399*d125652eSGunnar Mills } 400*d125652eSGunnar Mills }, 401*d125652eSGunnar Mills "type": "object" 402*d125652eSGunnar Mills }, 403*d125652eSGunnar Mills "Authentication": { 404*d125652eSGunnar Mills "additionalProperties": false, 405*d125652eSGunnar Mills "description": "The information required to authenticate to the external service.", 406*d125652eSGunnar Mills "longDescription": "This type shall contain the information required to authenticate to the external service.", 407*d125652eSGunnar Mills "patternProperties": { 408*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 409*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 410*d125652eSGunnar Mills "type": [ 411*d125652eSGunnar Mills "array", 412*d125652eSGunnar Mills "boolean", 413*d125652eSGunnar Mills "integer", 414*d125652eSGunnar Mills "number", 415*d125652eSGunnar Mills "null", 416*d125652eSGunnar Mills "object", 417*d125652eSGunnar Mills "string" 418*d125652eSGunnar Mills ] 419*d125652eSGunnar Mills } 420*d125652eSGunnar Mills }, 421*d125652eSGunnar Mills "properties": { 422*d125652eSGunnar Mills "AuthenticationType": { 423*d125652eSGunnar Mills "anyOf": [ 424*d125652eSGunnar Mills { 425*d125652eSGunnar Mills "$ref": "#/definitions/AuthenticationTypes" 426*d125652eSGunnar Mills }, 427*d125652eSGunnar Mills { 428*d125652eSGunnar Mills "type": "null" 429*d125652eSGunnar Mills } 430*d125652eSGunnar Mills ], 431*d125652eSGunnar Mills "description": "The type of authentication used to connect to the external account provider.", 432*d125652eSGunnar Mills "longDescription": "This property shall contain the type of authentication used to connect to the external account provider.", 433*d125652eSGunnar Mills "readonly": false, 434*d125652eSGunnar Mills "versionAdded": "v1_3_0" 435*d125652eSGunnar Mills }, 436*d125652eSGunnar Mills "EncryptionKey": { 437*d125652eSGunnar Mills "description": "Specifies the encryption key.", 438*d125652eSGunnar Mills "longDescription": "This property shall contain the value of a symmetric encryption key for account services that support some form of encryption, obfuscation, or authentication such as TACACS+. The value shall be `null` in responses. The property shall accept a hexadecimal string whose length depends on the external account service, such as TACACS+. A TACACS+ service shall use this property to specify the secret key as defined in RFC8907.", 439*d125652eSGunnar Mills "pattern": "^[0-9a-fA-F]+$", 440*d125652eSGunnar Mills "readonly": false, 441*d125652eSGunnar Mills "type": [ 442*d125652eSGunnar Mills "string", 443*d125652eSGunnar Mills "null" 444*d125652eSGunnar Mills ], 445*d125652eSGunnar Mills "versionAdded": "v1_8_0", 446*d125652eSGunnar Mills "writeOnly": true 447*d125652eSGunnar Mills }, 448*d125652eSGunnar Mills "EncryptionKeySet": { 449*d125652eSGunnar Mills "description": "Indicates if the `EncryptionKey` property is set.", 450*d125652eSGunnar Mills "longDescription": "This property shall contain `true` if a valid value was provided for the `EncryptionKey` property. Otherwise, the property shall contain `false`. For a TACACS+ service, the value `false` shall indicate data obfuscation, as defined in section 4.5 of RFC8907, is disabled.", 451*d125652eSGunnar Mills "readonly": true, 452*d125652eSGunnar Mills "type": [ 453*d125652eSGunnar Mills "boolean", 454*d125652eSGunnar Mills "null" 455*d125652eSGunnar Mills ], 456*d125652eSGunnar Mills "versionAdded": "v1_8_0" 457*d125652eSGunnar Mills }, 458*d125652eSGunnar Mills "KerberosKeytab": { 459*d125652eSGunnar Mills "description": "The Base64-encoded Kerberos keytab for this service. A `PATCH` or `PUT` operation writes the keytab. This property is `null` in responses.", 460*d125652eSGunnar Mills "longDescription": "This property shall contain a Base64-encoded string, with padding characters, of the Kerberos keytab for this service. A `PATCH` or `PUT` operation writes the keytab. The value shall be `null` in responses.", 461*d125652eSGunnar Mills "readonly": false, 462*d125652eSGunnar Mills "type": [ 463*d125652eSGunnar Mills "string", 464*d125652eSGunnar Mills "null" 465*d125652eSGunnar Mills ], 466*d125652eSGunnar Mills "versionAdded": "v1_3_0", 467*d125652eSGunnar Mills "writeOnly": true 468*d125652eSGunnar Mills }, 469*d125652eSGunnar Mills "Oem": { 470*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 471*d125652eSGunnar Mills "description": "The OEM extension property.", 472*d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 473*d125652eSGunnar Mills "versionAdded": "v1_3_0" 474*d125652eSGunnar Mills }, 475*d125652eSGunnar Mills "Password": { 476*d125652eSGunnar Mills "description": "The password for this service. A `PATCH` or `PUT` request writes the password. This property is `null` in responses.", 477*d125652eSGunnar Mills "longDescription": "This property shall contain the password for this service. A `PATCH` or `PUT` operation writes the password. The value shall be `null` in responses.", 478*d125652eSGunnar Mills "readonly": false, 479*d125652eSGunnar Mills "type": [ 480*d125652eSGunnar Mills "string", 481*d125652eSGunnar Mills "null" 482*d125652eSGunnar Mills ], 483*d125652eSGunnar Mills "versionAdded": "v1_3_0", 484*d125652eSGunnar Mills "writeOnly": true 485*d125652eSGunnar Mills }, 486*d125652eSGunnar Mills "Token": { 487*d125652eSGunnar Mills "description": "The token for this service. A `PATCH` or `PUT` operation writes the token. This property is `null` in responses.", 488*d125652eSGunnar Mills "longDescription": "This property shall contain the token for this service. A `PATCH` or `PUT` operation writes the token. The value shall be `null` in responses.", 489*d125652eSGunnar Mills "readonly": false, 490*d125652eSGunnar Mills "type": [ 491*d125652eSGunnar Mills "string", 492*d125652eSGunnar Mills "null" 493*d125652eSGunnar Mills ], 494*d125652eSGunnar Mills "versionAdded": "v1_3_0", 495*d125652eSGunnar Mills "writeOnly": true 496*d125652eSGunnar Mills }, 497*d125652eSGunnar Mills "Username": { 498*d125652eSGunnar Mills "description": "The username for the service.", 499*d125652eSGunnar Mills "longDescription": "This property shall contain the username for this service.", 500*d125652eSGunnar Mills "readonly": false, 501*d125652eSGunnar Mills "type": "string", 502*d125652eSGunnar Mills "versionAdded": "v1_3_0" 503*d125652eSGunnar Mills } 504*d125652eSGunnar Mills }, 505*d125652eSGunnar Mills "type": "object" 506*d125652eSGunnar Mills }, 507*d125652eSGunnar Mills "AuthenticationTypes": { 508*d125652eSGunnar Mills "enum": [ 509*d125652eSGunnar Mills "Token", 510*d125652eSGunnar Mills "KerberosKeytab", 511*d125652eSGunnar Mills "UsernameAndPassword", 512*d125652eSGunnar Mills "OEM" 513*d125652eSGunnar Mills ], 514*d125652eSGunnar Mills "enumDescriptions": { 515*d125652eSGunnar Mills "KerberosKeytab": "A Kerberos keytab.", 516*d125652eSGunnar Mills "OEM": "An OEM-specific authentication mechanism.", 517*d125652eSGunnar Mills "Token": "An opaque authentication token.", 518*d125652eSGunnar Mills "UsernameAndPassword": "A username and password combination." 519*d125652eSGunnar Mills }, 520*d125652eSGunnar Mills "type": "string" 521*d125652eSGunnar Mills }, 522*d125652eSGunnar Mills "BasicAuthState": { 523*d125652eSGunnar Mills "enum": [ 524*d125652eSGunnar Mills "Enabled", 525*d125652eSGunnar Mills "Unadvertised", 526*d125652eSGunnar Mills "Disabled" 527*d125652eSGunnar Mills ], 528*d125652eSGunnar Mills "enumDescriptions": { 529*d125652eSGunnar Mills "Disabled": "HTTP Basic authentication is disabled.", 530*d125652eSGunnar Mills "Enabled": "HTTP Basic authentication is enabled.", 531*d125652eSGunnar Mills "Unadvertised": "HTTP Basic authentication is enabled, but is not advertised with the `WWW-Authenticate` response header." 532*d125652eSGunnar Mills }, 533*d125652eSGunnar Mills "enumLongDescriptions": { 534*d125652eSGunnar Mills "Disabled": "This value shall indicate that HTTP Basic authentication is disabled for the service.", 535*d125652eSGunnar Mills "Enabled": "This value shall indicate that HTTP Basic authentication is enabled for the service. The service shall include the `WWW-Authenticate` HTTP response header with the value including `Basic` when returning the HTTP `401 Unauthorized` status code.", 536*d125652eSGunnar Mills "Unadvertised": "This value shall indicate that HTTP Basic authentication is enabled for the service. The service shall not include `Basic` in the value of the `WWW-Authenticate` HTTP response header and may omit the header entirely from responses. The lack of advertisement prevents some clients from accessing the service with HTTP Basic authentication, such as web browsers." 537*d125652eSGunnar Mills }, 538*d125652eSGunnar Mills "type": "string" 539*d125652eSGunnar Mills }, 540*d125652eSGunnar Mills "CertificateMappingAttribute": { 541*d125652eSGunnar Mills "enum": [ 542*d125652eSGunnar Mills "Whole", 543*d125652eSGunnar Mills "CommonName", 544*d125652eSGunnar Mills "UserPrincipalName" 545*d125652eSGunnar Mills ], 546*d125652eSGunnar Mills "enumDescriptions": { 547*d125652eSGunnar Mills "CommonName": "Match the Common Name (CN) field in the provided certificate to the username.", 548*d125652eSGunnar Mills "UserPrincipalName": "Match the User Principal Name (UPN) field in the provided certificate to the username.", 549*d125652eSGunnar Mills "Whole": "Match the whole certificate." 550*d125652eSGunnar Mills }, 551*d125652eSGunnar Mills "enumLongDescriptions": { 552*d125652eSGunnar Mills "CommonName": "This value shall indicate the service matches the RFC5280-defined 'commonName' attribute in the provided certificate to the `UserName` property in a `ManagerAccount` resource or the appropriate field from an external account provider.", 553*d125652eSGunnar Mills "UserPrincipalName": "This value shall indicate the service matches the User Principal Name (UPN) field in the provided certificate to the `UserName` property in a `ManagerAccount` resource or the appropriate field from an external account provider.", 554*d125652eSGunnar Mills "Whole": "This value shall indicate the service matches the entire certificate with a `Certificate` resource subordinate to a `ManagerAccount` resource or the entire certificate matches the appropriate field from an external account provider." 555*d125652eSGunnar Mills }, 556*d125652eSGunnar Mills "type": "string" 557*d125652eSGunnar Mills }, 558*d125652eSGunnar Mills "ClientCertificate": { 559*d125652eSGunnar Mills "additionalProperties": false, 560*d125652eSGunnar Mills "description": "Various settings for client certificate authentication such as mTLS or CAC/PIV.", 561*d125652eSGunnar Mills "longDescription": "This type shall contain settings for client certificate authentication.", 562*d125652eSGunnar Mills "patternProperties": { 563*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 564*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 565*d125652eSGunnar Mills "type": [ 566*d125652eSGunnar Mills "array", 567*d125652eSGunnar Mills "boolean", 568*d125652eSGunnar Mills "integer", 569*d125652eSGunnar Mills "number", 570*d125652eSGunnar Mills "null", 571*d125652eSGunnar Mills "object", 572*d125652eSGunnar Mills "string" 573*d125652eSGunnar Mills ] 574*d125652eSGunnar Mills } 575*d125652eSGunnar Mills }, 576*d125652eSGunnar Mills "properties": { 577*d125652eSGunnar Mills "CertificateMappingAttribute": { 578*d125652eSGunnar Mills "anyOf": [ 579*d125652eSGunnar Mills { 580*d125652eSGunnar Mills "$ref": "#/definitions/CertificateMappingAttribute" 581*d125652eSGunnar Mills }, 582*d125652eSGunnar Mills { 583*d125652eSGunnar Mills "type": "null" 584*d125652eSGunnar Mills } 585*d125652eSGunnar Mills ], 586*d125652eSGunnar Mills "description": "The client certificate attribute to map to a user.", 587*d125652eSGunnar Mills "longDescription": "This property shall contain the client certificate attribute to map to a user.", 588*d125652eSGunnar Mills "readonly": false, 589*d125652eSGunnar Mills "versionAdded": "v1_12_0" 590*d125652eSGunnar Mills }, 591*d125652eSGunnar Mills "Certificates": { 592*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection", 593*d125652eSGunnar Mills "description": "The link to a collection of CA certificates used to validate client certificates.", 594*d125652eSGunnar Mills "longDescription": "This property shall contain a link to a resource collection of type `CertificateCollection` that represents the CA certificates used to validate client certificates during TLS handshaking. Regardless of the contents of this collection, services may perform additional verification based on other factors, such as the configuration of the `SecurityPolicy` resource. If the service supports the `RevokedCertificates` or `TrustedCertificates` properties within the `Server` property within the `TLS` property of the `SecurityPolicy` resource, the service shall verify the provided client certificate with the `SecurityPolicy` resource prior to verifying it with this collection.", 595*d125652eSGunnar Mills "readonly": true, 596*d125652eSGunnar Mills "versionAdded": "v1_12_0" 597*d125652eSGunnar Mills }, 598*d125652eSGunnar Mills "Enabled": { 599*d125652eSGunnar Mills "description": "An indication of whether client certificate authentication is enabled.", 600*d125652eSGunnar Mills "longDescription": "This property shall indicate whether client certificate authentication is enabled.", 601*d125652eSGunnar Mills "readonly": false, 602*d125652eSGunnar Mills "type": [ 603*d125652eSGunnar Mills "boolean", 604*d125652eSGunnar Mills "null" 605*d125652eSGunnar Mills ], 606*d125652eSGunnar Mills "versionAdded": "v1_12_0" 607*d125652eSGunnar Mills }, 608*d125652eSGunnar Mills "RespondToUnauthenticatedClients": { 609*d125652eSGunnar Mills "description": "An indication of whether the service responds to clients that do not successfully authenticate.", 610*d125652eSGunnar Mills "longDescription": "This property shall indicate whether the service responds to clients that do not successfully authenticate. If this property is not supported by the service, it shall be assumed to be `true`. See the 'Client certificate authentication' clause in the Redfish Specification.", 611*d125652eSGunnar Mills "readonly": false, 612*d125652eSGunnar Mills "type": [ 613*d125652eSGunnar Mills "boolean", 614*d125652eSGunnar Mills "null" 615*d125652eSGunnar Mills ], 616*d125652eSGunnar Mills "versionAdded": "v1_12_0" 617*d125652eSGunnar Mills } 618*d125652eSGunnar Mills }, 619*d125652eSGunnar Mills "type": "object" 620*d125652eSGunnar Mills }, 621*d125652eSGunnar Mills "ExternalAccountProvider": { 622*d125652eSGunnar Mills "additionalProperties": false, 623*d125652eSGunnar Mills "description": "The external account provider services that can provide accounts for this manager to use for authentication.", 624*d125652eSGunnar Mills "longDescription": "This type shall contain properties that represent external account provider services that can provide accounts for this manager to use for authentication.", 625*d125652eSGunnar Mills "patternProperties": { 626*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 627*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 628*d125652eSGunnar Mills "type": [ 629*d125652eSGunnar Mills "array", 630*d125652eSGunnar Mills "boolean", 631*d125652eSGunnar Mills "integer", 632*d125652eSGunnar Mills "number", 633*d125652eSGunnar Mills "null", 634*d125652eSGunnar Mills "object", 635*d125652eSGunnar Mills "string" 636*d125652eSGunnar Mills ] 637*d125652eSGunnar Mills } 638*d125652eSGunnar Mills }, 639*d125652eSGunnar Mills "properties": { 640*d125652eSGunnar Mills "AccountProviderType": { 641*d125652eSGunnar Mills "anyOf": [ 642*d125652eSGunnar Mills { 643*d125652eSGunnar Mills "$ref": "#/definitions/AccountProviderTypes" 644*d125652eSGunnar Mills }, 645*d125652eSGunnar Mills { 646*d125652eSGunnar Mills "type": "null" 647*d125652eSGunnar Mills } 648*d125652eSGunnar Mills ], 649*d125652eSGunnar Mills "deprecated": "This property is deprecated because the account provider type is known when used in the `LDAP` and `ActiveDirectory` objects.", 650*d125652eSGunnar Mills "description": "The type of external account provider to which this service connects.", 651*d125652eSGunnar Mills "longDescription": "This property shall contain the type of external account provider to which this service connects.", 652*d125652eSGunnar Mills "readonly": true, 653*d125652eSGunnar Mills "versionAdded": "v1_3_0", 654*d125652eSGunnar Mills "versionDeprecated": "v1_5_0" 655*d125652eSGunnar Mills }, 656*d125652eSGunnar Mills "Authentication": { 657*d125652eSGunnar Mills "$ref": "#/definitions/Authentication", 658*d125652eSGunnar Mills "description": "The authentication information for the external account provider.", 659*d125652eSGunnar Mills "longDescription": "This property shall contain the authentication information for the external account provider.", 660*d125652eSGunnar Mills "versionAdded": "v1_3_0" 661*d125652eSGunnar Mills }, 662*d125652eSGunnar Mills "Certificates": { 663*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection", 664*d125652eSGunnar Mills "description": "The link to a collection of certificates that the external account provider uses.", 665*d125652eSGunnar Mills "longDescription": "This property shall contain a link to a resource collection of type `CertificateCollection` that contains certificates the external account provider uses.", 666*d125652eSGunnar Mills "readonly": true, 667*d125652eSGunnar Mills "versionAdded": "v1_4_0" 668*d125652eSGunnar Mills }, 669*d125652eSGunnar Mills "LDAPService": { 670*d125652eSGunnar Mills "$ref": "#/definitions/LDAPService", 671*d125652eSGunnar Mills "description": "The additional mapping information needed to parse a generic LDAP service.", 672*d125652eSGunnar Mills "longDescription": "This property shall contain any additional mapping information needed to parse a generic LDAP service. This property should only be present inside the `LDAP` property.", 673*d125652eSGunnar Mills "versionAdded": "v1_3_0" 674*d125652eSGunnar Mills }, 675*d125652eSGunnar Mills "OAuth2Service": { 676*d125652eSGunnar Mills "anyOf": [ 677*d125652eSGunnar Mills { 678*d125652eSGunnar Mills "$ref": "#/definitions/OAuth2Service" 679*d125652eSGunnar Mills }, 680*d125652eSGunnar Mills { 681*d125652eSGunnar Mills "type": "null" 682*d125652eSGunnar Mills } 683*d125652eSGunnar Mills ], 684*d125652eSGunnar Mills "description": "The additional information needed to parse an OAuth 2.0 service.", 685*d125652eSGunnar Mills "longDescription": "This property shall contain additional information needed to parse an OAuth 2.0 service. This property should only be present inside an `OAuth2` property.", 686*d125652eSGunnar Mills "versionAdded": "v1_10_0" 687*d125652eSGunnar Mills }, 688*d125652eSGunnar Mills "PasswordSet": { 689*d125652eSGunnar Mills "description": "Indicates if the `Password` property is set.", 690*d125652eSGunnar Mills "longDescription": "This property shall contain `true` if a valid value was provided for the `Password` property. Otherwise, the property shall contain `false`.", 691*d125652eSGunnar Mills "readonly": true, 692*d125652eSGunnar Mills "type": "boolean", 693*d125652eSGunnar Mills "versionAdded": "v1_7_0" 694*d125652eSGunnar Mills }, 695*d125652eSGunnar Mills "Priority": { 696*d125652eSGunnar Mills "description": "The authentication priority for the external account provider.", 697*d125652eSGunnar Mills "longDescription": "This property shall contain the assigned priority for the specified external account provider. The value `0` shall indicate the highest priority. Increasing values shall represent decreasing priority. If an external provider does not have a priority assignment or two or more external providers have the same priority, the behavior shall be determined by the Redfish service. The priority is used to determine the order of authentication and authorization for each external account provider.", 698*d125652eSGunnar Mills "minimum": 0, 699*d125652eSGunnar Mills "readonly": false, 700*d125652eSGunnar Mills "type": [ 701*d125652eSGunnar Mills "integer", 702*d125652eSGunnar Mills "null" 703*d125652eSGunnar Mills ], 704*d125652eSGunnar Mills "versionAdded": "v1_8_0" 705*d125652eSGunnar Mills }, 706*d125652eSGunnar Mills "RemoteRoleMapping": { 707*d125652eSGunnar Mills "description": "The mapping rules to convert the external account providers account information to the local Redfish role.", 708*d125652eSGunnar Mills "items": { 709*d125652eSGunnar Mills "anyOf": [ 710*d125652eSGunnar Mills { 711*d125652eSGunnar Mills "$ref": "#/definitions/RoleMapping" 712*d125652eSGunnar Mills }, 713*d125652eSGunnar Mills { 714*d125652eSGunnar Mills "type": "null" 715*d125652eSGunnar Mills } 716*d125652eSGunnar Mills ] 717*d125652eSGunnar Mills }, 718*d125652eSGunnar Mills "longDescription": "This property shall contain a set of the mapping rules that are used to convert the external account providers account information to the local Redfish role.", 719*d125652eSGunnar Mills "type": "array", 720*d125652eSGunnar Mills "versionAdded": "v1_3_0" 721*d125652eSGunnar Mills }, 722*d125652eSGunnar Mills "Retries": { 723*d125652eSGunnar Mills "description": "The number of times to retry connecting to an address in the `ServiceAddresses` property before attempting the next address in the array.", 724*d125652eSGunnar Mills "longDescription": "This property shall contain the number of retries to attempt a connection to an address in the `ServiceAddresses` property before attempting a connection to the next address in the array or giving up. If this property is not present, the service has internal policies for handling retries.", 725*d125652eSGunnar Mills "readonly": false, 726*d125652eSGunnar Mills "type": [ 727*d125652eSGunnar Mills "integer", 728*d125652eSGunnar Mills "null" 729*d125652eSGunnar Mills ], 730*d125652eSGunnar Mills "versionAdded": "v1_13_0" 731*d125652eSGunnar Mills }, 732*d125652eSGunnar Mills "ServiceAddresses": { 733*d125652eSGunnar Mills "description": "The addresses of the user account providers to which this external account provider links. The format of this field depends on the type of external account provider.", 734*d125652eSGunnar Mills "items": { 735*d125652eSGunnar Mills "type": [ 736*d125652eSGunnar Mills "string", 737*d125652eSGunnar Mills "null" 738*d125652eSGunnar Mills ] 739*d125652eSGunnar Mills }, 740*d125652eSGunnar Mills "longDescription": "This property shall contain the addresses of the account providers to which this external account provider links. The format of this field depends on the type of external account provider. Each item in the array shall contain a single address. Services can define their own behavior for managing multiple addresses.", 741*d125652eSGunnar Mills "readonly": false, 742*d125652eSGunnar Mills "type": "array", 743*d125652eSGunnar Mills "versionAdded": "v1_3_0" 744*d125652eSGunnar Mills }, 745*d125652eSGunnar Mills "ServiceEnabled": { 746*d125652eSGunnar Mills "description": "An indication of whether this service is enabled.", 747*d125652eSGunnar Mills "longDescription": "This property shall indicate whether this service is enabled.", 748*d125652eSGunnar Mills "readonly": false, 749*d125652eSGunnar Mills "type": [ 750*d125652eSGunnar Mills "boolean", 751*d125652eSGunnar Mills "null" 752*d125652eSGunnar Mills ], 753*d125652eSGunnar Mills "versionAdded": "v1_3_0" 754*d125652eSGunnar Mills }, 755*d125652eSGunnar Mills "TACACSplusService": { 756*d125652eSGunnar Mills "anyOf": [ 757*d125652eSGunnar Mills { 758*d125652eSGunnar Mills "$ref": "#/definitions/TACACSplusService" 759*d125652eSGunnar Mills }, 760*d125652eSGunnar Mills { 761*d125652eSGunnar Mills "type": "null" 762*d125652eSGunnar Mills } 763*d125652eSGunnar Mills ], 764*d125652eSGunnar Mills "description": "The additional information needed to parse a TACACS+ services.", 765*d125652eSGunnar Mills "longDescription": "This property shall contain additional information needed to parse a TACACS+ services. This property should only be present inside a `TACACSplus` property.", 766*d125652eSGunnar Mills "versionAdded": "v1_8_0" 767*d125652eSGunnar Mills }, 768*d125652eSGunnar Mills "TimeoutSeconds": { 769*d125652eSGunnar Mills "description": "The period of time, in seconds, this account service will wait for a response from an address of a user account provider before timing out.", 770*d125652eSGunnar Mills "longDescription": "This property shall contain the period of time, in seconds, this account service will wait for a response from an address of a user account provider before timing out. If this property is not present, the service has internal policies for handling timeouts.", 771*d125652eSGunnar Mills "readonly": false, 772*d125652eSGunnar Mills "type": [ 773*d125652eSGunnar Mills "integer", 774*d125652eSGunnar Mills "null" 775*d125652eSGunnar Mills ], 776*d125652eSGunnar Mills "versionAdded": "v1_13_0" 777*d125652eSGunnar Mills } 778*d125652eSGunnar Mills }, 779*d125652eSGunnar Mills "type": "object" 780*d125652eSGunnar Mills }, 781*d125652eSGunnar Mills "GoogleAuthenticator": { 782*d125652eSGunnar Mills "additionalProperties": false, 783*d125652eSGunnar Mills "description": "Various settings for Google Authenticator multi-factor authentication.", 784*d125652eSGunnar Mills "longDescription": "This type shall contain settings for Google Authenticator multi-factor authentication.", 785*d125652eSGunnar Mills "patternProperties": { 786*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 787*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 788*d125652eSGunnar Mills "type": [ 789*d125652eSGunnar Mills "array", 790*d125652eSGunnar Mills "boolean", 791*d125652eSGunnar Mills "integer", 792*d125652eSGunnar Mills "number", 793*d125652eSGunnar Mills "null", 794*d125652eSGunnar Mills "object", 795*d125652eSGunnar Mills "string" 796*d125652eSGunnar Mills ] 797*d125652eSGunnar Mills } 798*d125652eSGunnar Mills }, 799*d125652eSGunnar Mills "properties": { 800*d125652eSGunnar Mills "Enabled": { 801*d125652eSGunnar Mills "description": "An indication of whether multi-factor authentication with Google Authenticator is enabled.", 802*d125652eSGunnar Mills "longDescription": "This property shall indicate whether multi-factor authentication with Google Authenticator is enabled.", 803*d125652eSGunnar Mills "readonly": false, 804*d125652eSGunnar Mills "type": [ 805*d125652eSGunnar Mills "boolean", 806*d125652eSGunnar Mills "null" 807*d125652eSGunnar Mills ], 808*d125652eSGunnar Mills "versionAdded": "v1_12_0" 809*d125652eSGunnar Mills }, 810*d125652eSGunnar Mills "SecretKey": { 811*d125652eSGunnar Mills "description": "The secret key to use when communicating with the Google Authenticator server. This property is `null` in responses.", 812*d125652eSGunnar Mills "longDescription": "This property shall contain the client key to use when communicating with the Google Authenticator Server. The value shall be `null` in responses.", 813*d125652eSGunnar Mills "readonly": false, 814*d125652eSGunnar Mills "type": [ 815*d125652eSGunnar Mills "string", 816*d125652eSGunnar Mills "null" 817*d125652eSGunnar Mills ], 818*d125652eSGunnar Mills "versionAdded": "v1_12_0" 819*d125652eSGunnar Mills }, 820*d125652eSGunnar Mills "SecretKeySet": { 821*d125652eSGunnar Mills "description": "Indicates if the `SecretKey` property is set.", 822*d125652eSGunnar Mills "longDescription": "This property shall contain `true` if a valid value was provided for the `SecretKey` property. Otherwise, the property shall contain `false`.", 823*d125652eSGunnar Mills "readonly": true, 824*d125652eSGunnar Mills "type": "boolean", 825*d125652eSGunnar Mills "versionAdded": "v1_12_0" 826*d125652eSGunnar Mills } 827*d125652eSGunnar Mills }, 828*d125652eSGunnar Mills "type": "object" 829*d125652eSGunnar Mills }, 830*d125652eSGunnar Mills "LDAPSearchSettings": { 831*d125652eSGunnar Mills "additionalProperties": false, 832*d125652eSGunnar Mills "description": "The settings to search a generic LDAP service.", 833*d125652eSGunnar Mills "longDescription": "This type shall contain all required settings to search a generic LDAP service.", 834*d125652eSGunnar Mills "patternProperties": { 835*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 836*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 837*d125652eSGunnar Mills "type": [ 838*d125652eSGunnar Mills "array", 839*d125652eSGunnar Mills "boolean", 840*d125652eSGunnar Mills "integer", 841*d125652eSGunnar Mills "number", 842*d125652eSGunnar Mills "null", 843*d125652eSGunnar Mills "object", 844*d125652eSGunnar Mills "string" 845*d125652eSGunnar Mills ] 846*d125652eSGunnar Mills } 847*d125652eSGunnar Mills }, 848*d125652eSGunnar Mills "properties": { 849*d125652eSGunnar Mills "BaseDistinguishedNames": { 850*d125652eSGunnar Mills "description": "The base distinguished names to use to search an external LDAP service.", 851*d125652eSGunnar Mills "items": { 852*d125652eSGunnar Mills "type": [ 853*d125652eSGunnar Mills "string", 854*d125652eSGunnar Mills "null" 855*d125652eSGunnar Mills ] 856*d125652eSGunnar Mills }, 857*d125652eSGunnar Mills "longDescription": "This property shall contain an array of base distinguished names to use to search an external LDAP service.", 858*d125652eSGunnar Mills "readonly": false, 859*d125652eSGunnar Mills "type": "array", 860*d125652eSGunnar Mills "versionAdded": "v1_3_0" 861*d125652eSGunnar Mills }, 862*d125652eSGunnar Mills "EmailAttribute": { 863*d125652eSGunnar Mills "description": "The attribute name that contains the LDAP user's email address.", 864*d125652eSGunnar Mills "longDescription": "This property shall contain the attribute name that contains the LDAP user's email address. If this value is not set by the user, or the property is not present, the value shall be `mail`.", 865*d125652eSGunnar Mills "readonly": false, 866*d125652eSGunnar Mills "type": [ 867*d125652eSGunnar Mills "string", 868*d125652eSGunnar Mills "null" 869*d125652eSGunnar Mills ], 870*d125652eSGunnar Mills "versionAdded": "v1_14_0" 871*d125652eSGunnar Mills }, 872*d125652eSGunnar Mills "GroupNameAttribute": { 873*d125652eSGunnar Mills "description": "The attribute name that contains the LDAP group name entry.", 874*d125652eSGunnar Mills "longDescription": "This property shall contain the attribute name that contains the LDAP group name.", 875*d125652eSGunnar Mills "readonly": false, 876*d125652eSGunnar Mills "type": [ 877*d125652eSGunnar Mills "string", 878*d125652eSGunnar Mills "null" 879*d125652eSGunnar Mills ], 880*d125652eSGunnar Mills "versionAdded": "v1_3_0" 881*d125652eSGunnar Mills }, 882*d125652eSGunnar Mills "GroupsAttribute": { 883*d125652eSGunnar Mills "description": "The attribute name that contains the groups for a user on the LDAP user entry.", 884*d125652eSGunnar Mills "longDescription": "This property shall contain the attribute name that contains the groups for an LDAP user entry.", 885*d125652eSGunnar Mills "readonly": false, 886*d125652eSGunnar Mills "type": [ 887*d125652eSGunnar Mills "string", 888*d125652eSGunnar Mills "null" 889*d125652eSGunnar Mills ], 890*d125652eSGunnar Mills "versionAdded": "v1_3_0" 891*d125652eSGunnar Mills }, 892*d125652eSGunnar Mills "SSHKeyAttribute": { 893*d125652eSGunnar Mills "description": "The attribute name that contains the LDAP user's SSH public key entry.", 894*d125652eSGunnar Mills "longDescription": "This property shall contain the attribute name that contains the LDAP user's SSH public key.", 895*d125652eSGunnar Mills "readonly": false, 896*d125652eSGunnar Mills "type": [ 897*d125652eSGunnar Mills "string", 898*d125652eSGunnar Mills "null" 899*d125652eSGunnar Mills ], 900*d125652eSGunnar Mills "versionAdded": "v1_11_0" 901*d125652eSGunnar Mills }, 902*d125652eSGunnar Mills "UsernameAttribute": { 903*d125652eSGunnar Mills "description": "The attribute name that contains the LDAP username entry.", 904*d125652eSGunnar Mills "longDescription": "This property shall contain the attribute name that contains the LDAP username.", 905*d125652eSGunnar Mills "readonly": false, 906*d125652eSGunnar Mills "type": [ 907*d125652eSGunnar Mills "string", 908*d125652eSGunnar Mills "null" 909*d125652eSGunnar Mills ], 910*d125652eSGunnar Mills "versionAdded": "v1_3_0" 911*d125652eSGunnar Mills } 912*d125652eSGunnar Mills }, 913*d125652eSGunnar Mills "type": "object" 914*d125652eSGunnar Mills }, 915*d125652eSGunnar Mills "LDAPService": { 916*d125652eSGunnar Mills "additionalProperties": false, 917*d125652eSGunnar Mills "description": "The settings required to parse a generic LDAP service.", 918*d125652eSGunnar Mills "longDescription": "This type shall contain all required settings to parse a generic LDAP service.", 919*d125652eSGunnar Mills "patternProperties": { 920*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 921*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 922*d125652eSGunnar Mills "type": [ 923*d125652eSGunnar Mills "array", 924*d125652eSGunnar Mills "boolean", 925*d125652eSGunnar Mills "integer", 926*d125652eSGunnar Mills "number", 927*d125652eSGunnar Mills "null", 928*d125652eSGunnar Mills "object", 929*d125652eSGunnar Mills "string" 930*d125652eSGunnar Mills ] 931*d125652eSGunnar Mills } 932*d125652eSGunnar Mills }, 933*d125652eSGunnar Mills "properties": { 934*d125652eSGunnar Mills "Oem": { 935*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 936*d125652eSGunnar Mills "description": "The OEM extension property.", 937*d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 938*d125652eSGunnar Mills "versionAdded": "v1_3_0" 939*d125652eSGunnar Mills }, 940*d125652eSGunnar Mills "SearchSettings": { 941*d125652eSGunnar Mills "$ref": "#/definitions/LDAPSearchSettings", 942*d125652eSGunnar Mills "description": "The required settings to search an external LDAP service.", 943*d125652eSGunnar Mills "longDescription": "This property shall contain the required settings to search an external LDAP service.", 944*d125652eSGunnar Mills "versionAdded": "v1_3_0" 945*d125652eSGunnar Mills } 946*d125652eSGunnar Mills }, 947*d125652eSGunnar Mills "type": "object" 948*d125652eSGunnar Mills }, 949*d125652eSGunnar Mills "LocalAccountAuth": { 950*d125652eSGunnar Mills "enum": [ 951*d125652eSGunnar Mills "Enabled", 952*d125652eSGunnar Mills "Disabled", 953*d125652eSGunnar Mills "Fallback", 954*d125652eSGunnar Mills "LocalFirst" 955*d125652eSGunnar Mills ], 956*d125652eSGunnar Mills "enumDescriptions": { 957*d125652eSGunnar Mills "Disabled": "The service never authenticates users based on the account service-defined accounts collection.", 958*d125652eSGunnar Mills "Enabled": "The service authenticates users based on the account service-defined accounts collection.", 959*d125652eSGunnar Mills "Fallback": "The service authenticates users based on the account service-defined accounts collection only if any external account providers are currently unreachable.", 960*d125652eSGunnar Mills "LocalFirst": "The service first authenticates users based on the account service-defined accounts collection. If authentication fails, the service authenticates by using external account providers." 961*d125652eSGunnar Mills }, 962*d125652eSGunnar Mills "enumLongDescriptions": { 963*d125652eSGunnar Mills "Disabled": "The service shall never authenticate users based on the account service-defined manager accounts resource collection.", 964*d125652eSGunnar Mills "Enabled": "The service shall authenticate users based on the account service-defined manager accounts resource collection.", 965*d125652eSGunnar Mills "Fallback": "The service shall authenticate users based on the account service-defined manager accounts resource collection only if any external account providers are currently unreachable.", 966*d125652eSGunnar Mills "LocalFirst": "The service shall first authenticate users based on the account service-defined manager accounts resource collection. If authentication fails, the service shall authenticate by using external account providers." 967*d125652eSGunnar Mills }, 968*d125652eSGunnar Mills "enumVersionAdded": { 969*d125652eSGunnar Mills "LocalFirst": "v1_6_0" 970*d125652eSGunnar Mills }, 971*d125652eSGunnar Mills "type": "string" 972*d125652eSGunnar Mills }, 973*d125652eSGunnar Mills "MFABypass": { 974*d125652eSGunnar Mills "additionalProperties": false, 975*d125652eSGunnar Mills "description": "Multi-factor authentication bypass settings.", 976*d125652eSGunnar Mills "longDescription": "This type shall contain multi-factor authentication bypass settings.", 977*d125652eSGunnar Mills "patternProperties": { 978*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 979*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 980*d125652eSGunnar Mills "type": [ 981*d125652eSGunnar Mills "array", 982*d125652eSGunnar Mills "boolean", 983*d125652eSGunnar Mills "integer", 984*d125652eSGunnar Mills "number", 985*d125652eSGunnar Mills "null", 986*d125652eSGunnar Mills "object", 987*d125652eSGunnar Mills "string" 988*d125652eSGunnar Mills ] 989*d125652eSGunnar Mills } 990*d125652eSGunnar Mills }, 991*d125652eSGunnar Mills "properties": { 992*d125652eSGunnar Mills "BypassTypes": { 993*d125652eSGunnar Mills "description": "The types of multi-factor authentication this account or role mapping is allowed to bypass.", 994*d125652eSGunnar Mills "items": { 995*d125652eSGunnar Mills "anyOf": [ 996*d125652eSGunnar Mills { 997*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/AccountService.json#/definitions/MFABypassType" 998*d125652eSGunnar Mills }, 999*d125652eSGunnar Mills { 1000*d125652eSGunnar Mills "type": "null" 1001*d125652eSGunnar Mills } 1002*d125652eSGunnar Mills ] 1003*d125652eSGunnar Mills }, 1004*d125652eSGunnar Mills "longDescription": "This property shall contain the types of multi-factor authentication this account or role mapping is allowed to bypass. An empty array shall indicate this account or role mapping cannot bypass any multi-factor authentication types that are currently enabled.", 1005*d125652eSGunnar Mills "readonly": false, 1006*d125652eSGunnar Mills "type": "array", 1007*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1008*d125652eSGunnar Mills } 1009*d125652eSGunnar Mills }, 1010*d125652eSGunnar Mills "type": "object" 1011*d125652eSGunnar Mills }, 1012*d125652eSGunnar Mills "MicrosoftAuthenticator": { 1013*d125652eSGunnar Mills "additionalProperties": false, 1014*d125652eSGunnar Mills "description": "Various settings for Microsoft Authenticator multi-factor authentication.", 1015*d125652eSGunnar Mills "longDescription": "This type shall contain settings for Microsoft Authenticator multi-factor authentication.", 1016*d125652eSGunnar Mills "patternProperties": { 1017*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1018*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1019*d125652eSGunnar Mills "type": [ 1020*d125652eSGunnar Mills "array", 1021*d125652eSGunnar Mills "boolean", 1022*d125652eSGunnar Mills "integer", 1023*d125652eSGunnar Mills "number", 1024*d125652eSGunnar Mills "null", 1025*d125652eSGunnar Mills "object", 1026*d125652eSGunnar Mills "string" 1027*d125652eSGunnar Mills ] 1028*d125652eSGunnar Mills } 1029*d125652eSGunnar Mills }, 1030*d125652eSGunnar Mills "properties": { 1031*d125652eSGunnar Mills "Enabled": { 1032*d125652eSGunnar Mills "description": "An indication of whether multi-factor authentication with Microsoft Authenticator is enabled.", 1033*d125652eSGunnar Mills "longDescription": "This property shall indicate whether multi-factor authentication with Microsoft Authenticator is enabled.", 1034*d125652eSGunnar Mills "readonly": false, 1035*d125652eSGunnar Mills "type": [ 1036*d125652eSGunnar Mills "boolean", 1037*d125652eSGunnar Mills "null" 1038*d125652eSGunnar Mills ], 1039*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1040*d125652eSGunnar Mills }, 1041*d125652eSGunnar Mills "SecretKey": { 1042*d125652eSGunnar Mills "description": "The secret key to use when communicating with the Microsoft Authenticator server. This property is `null` in responses.", 1043*d125652eSGunnar Mills "longDescription": "This property shall contain the client key to use when communicating with the Microsoft Authenticator server. The value shall be `null` in responses.", 1044*d125652eSGunnar Mills "readonly": false, 1045*d125652eSGunnar Mills "type": [ 1046*d125652eSGunnar Mills "string", 1047*d125652eSGunnar Mills "null" 1048*d125652eSGunnar Mills ], 1049*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1050*d125652eSGunnar Mills }, 1051*d125652eSGunnar Mills "SecretKeySet": { 1052*d125652eSGunnar Mills "description": "Indicates if the `SecretKey` property is set.", 1053*d125652eSGunnar Mills "longDescription": "This property shall contain `true` if a valid value was provided for the `SecretKey` property. Otherwise, the property shall contain `false`.", 1054*d125652eSGunnar Mills "readonly": true, 1055*d125652eSGunnar Mills "type": "boolean", 1056*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1057*d125652eSGunnar Mills } 1058*d125652eSGunnar Mills }, 1059*d125652eSGunnar Mills "type": "object" 1060*d125652eSGunnar Mills }, 1061*d125652eSGunnar Mills "MultiFactorAuth": { 1062*d125652eSGunnar Mills "additionalProperties": false, 1063*d125652eSGunnar Mills "description": "Multi-factor authentication settings.", 1064*d125652eSGunnar Mills "longDescription": "This type shall contain multi-factor authentication settings.", 1065*d125652eSGunnar Mills "patternProperties": { 1066*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1067*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1068*d125652eSGunnar Mills "type": [ 1069*d125652eSGunnar Mills "array", 1070*d125652eSGunnar Mills "boolean", 1071*d125652eSGunnar Mills "integer", 1072*d125652eSGunnar Mills "number", 1073*d125652eSGunnar Mills "null", 1074*d125652eSGunnar Mills "object", 1075*d125652eSGunnar Mills "string" 1076*d125652eSGunnar Mills ] 1077*d125652eSGunnar Mills } 1078*d125652eSGunnar Mills }, 1079*d125652eSGunnar Mills "properties": { 1080*d125652eSGunnar Mills "ClientCertificate": { 1081*d125652eSGunnar Mills "anyOf": [ 1082*d125652eSGunnar Mills { 1083*d125652eSGunnar Mills "$ref": "#/definitions/ClientCertificate" 1084*d125652eSGunnar Mills }, 1085*d125652eSGunnar Mills { 1086*d125652eSGunnar Mills "type": "null" 1087*d125652eSGunnar Mills } 1088*d125652eSGunnar Mills ], 1089*d125652eSGunnar Mills "description": "The settings related to client certificate authentication schemes such as mTLS or CAC/PIV.", 1090*d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to client certificate authentication.", 1091*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1092*d125652eSGunnar Mills }, 1093*d125652eSGunnar Mills "GoogleAuthenticator": { 1094*d125652eSGunnar Mills "anyOf": [ 1095*d125652eSGunnar Mills { 1096*d125652eSGunnar Mills "$ref": "#/definitions/GoogleAuthenticator" 1097*d125652eSGunnar Mills }, 1098*d125652eSGunnar Mills { 1099*d125652eSGunnar Mills "type": "null" 1100*d125652eSGunnar Mills } 1101*d125652eSGunnar Mills ], 1102*d125652eSGunnar Mills "description": "The settings related to Google Authenticator multi-factor authentication. For generic Time-Based One-Time Password (TOTP) multi-factor authentication, use the `TimeBasedOneTimePassword` property.", 1103*d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to Google Authenticator multi-factor authentication.", 1104*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1105*d125652eSGunnar Mills }, 1106*d125652eSGunnar Mills "MicrosoftAuthenticator": { 1107*d125652eSGunnar Mills "anyOf": [ 1108*d125652eSGunnar Mills { 1109*d125652eSGunnar Mills "$ref": "#/definitions/MicrosoftAuthenticator" 1110*d125652eSGunnar Mills }, 1111*d125652eSGunnar Mills { 1112*d125652eSGunnar Mills "type": "null" 1113*d125652eSGunnar Mills } 1114*d125652eSGunnar Mills ], 1115*d125652eSGunnar Mills "description": "The settings related to Microsoft Authenticator multi-factor authentication. For generic Time-Based One-Time Password (TOTP) multi-factor authentication, use the `TimeBasedOneTimePassword` property.", 1116*d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to Microsoft Authenticator multi-factor authentication.", 1117*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1118*d125652eSGunnar Mills }, 1119*d125652eSGunnar Mills "OneTimePasscode": { 1120*d125652eSGunnar Mills "anyOf": [ 1121*d125652eSGunnar Mills { 1122*d125652eSGunnar Mills "$ref": "#/definitions/OneTimePasscode" 1123*d125652eSGunnar Mills }, 1124*d125652eSGunnar Mills { 1125*d125652eSGunnar Mills "type": "null" 1126*d125652eSGunnar Mills } 1127*d125652eSGunnar Mills ], 1128*d125652eSGunnar Mills "description": "The settings related to one-time passcode (OTP) multi-factor authentication.", 1129*d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to one-time passcode multi-factor authentication.", 1130*d125652eSGunnar Mills "versionAdded": "v1_14_0" 1131*d125652eSGunnar Mills }, 1132*d125652eSGunnar Mills "SecurID": { 1133*d125652eSGunnar Mills "anyOf": [ 1134*d125652eSGunnar Mills { 1135*d125652eSGunnar Mills "$ref": "#/definitions/SecurID" 1136*d125652eSGunnar Mills }, 1137*d125652eSGunnar Mills { 1138*d125652eSGunnar Mills "type": "null" 1139*d125652eSGunnar Mills } 1140*d125652eSGunnar Mills ], 1141*d125652eSGunnar Mills "description": "The settings related to RSA SecurID multi-factor authentication.", 1142*d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to RSA SecurID multi-factor authentication.", 1143*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1144*d125652eSGunnar Mills }, 1145*d125652eSGunnar Mills "TimeBasedOneTimePassword": { 1146*d125652eSGunnar Mills "anyOf": [ 1147*d125652eSGunnar Mills { 1148*d125652eSGunnar Mills "$ref": "#/definitions/TimeBasedOneTimePassword" 1149*d125652eSGunnar Mills }, 1150*d125652eSGunnar Mills { 1151*d125652eSGunnar Mills "type": "null" 1152*d125652eSGunnar Mills } 1153*d125652eSGunnar Mills ], 1154*d125652eSGunnar Mills "description": "The settings related to Time-based One-Time Password (TOTP) multi-factor authentication.", 1155*d125652eSGunnar Mills "longDescription": "This property shall contain the settings related to RFC6238-defined Time-based One-Time Password (TOTP) multi-factor authentication.", 1156*d125652eSGunnar Mills "versionAdded": "v1_16_0" 1157*d125652eSGunnar Mills } 1158*d125652eSGunnar Mills }, 1159*d125652eSGunnar Mills "type": "object" 1160*d125652eSGunnar Mills }, 1161*d125652eSGunnar Mills "OAuth2Mode": { 1162*d125652eSGunnar Mills "enum": [ 1163*d125652eSGunnar Mills "Discovery", 1164*d125652eSGunnar Mills "Offline" 1165*d125652eSGunnar Mills ], 1166*d125652eSGunnar Mills "enumDescriptions": { 1167*d125652eSGunnar Mills "Discovery": "OAuth 2.0 service information for token validation is downloaded by the service.", 1168*d125652eSGunnar Mills "Offline": "OAuth 2.0 service information for token validation is configured by a client. Clients should configure the `Issuer` and `OAuthServiceSigningKeys` properties for this mode." 1169*d125652eSGunnar Mills }, 1170*d125652eSGunnar Mills "enumLongDescriptions": { 1171*d125652eSGunnar Mills "Discovery": "This value shall indicate the service performs token validation from information found at the URIs specified by the `ServiceAddresses` property. Services shall implement a caching method of this information so it's not necessary to retrieve metadata and key information for every request containing a token.", 1172*d125652eSGunnar Mills "Offline": "This value shall indicate the service performs token validation from properties configured by a client. Clients should configure the `Issuer` and `OAuthServiceSigningKeys` properties for this mode." 1173*d125652eSGunnar Mills }, 1174*d125652eSGunnar Mills "type": "string" 1175*d125652eSGunnar Mills }, 1176*d125652eSGunnar Mills "OAuth2Service": { 1177*d125652eSGunnar Mills "additionalProperties": false, 1178*d125652eSGunnar Mills "description": "Various settings to parse an OAuth 2.0 service.", 1179*d125652eSGunnar Mills "longDescription": "This type shall contain settings for parsing an OAuth 2.0 service.", 1180*d125652eSGunnar Mills "patternProperties": { 1181*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1182*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1183*d125652eSGunnar Mills "type": [ 1184*d125652eSGunnar Mills "array", 1185*d125652eSGunnar Mills "boolean", 1186*d125652eSGunnar Mills "integer", 1187*d125652eSGunnar Mills "number", 1188*d125652eSGunnar Mills "null", 1189*d125652eSGunnar Mills "object", 1190*d125652eSGunnar Mills "string" 1191*d125652eSGunnar Mills ] 1192*d125652eSGunnar Mills } 1193*d125652eSGunnar Mills }, 1194*d125652eSGunnar Mills "properties": { 1195*d125652eSGunnar Mills "Audience": { 1196*d125652eSGunnar Mills "description": "The allowable audience strings of the Redfish service.", 1197*d125652eSGunnar Mills "items": { 1198*d125652eSGunnar Mills "type": "string" 1199*d125652eSGunnar Mills }, 1200*d125652eSGunnar Mills "longDescription": "This property shall contain an array of allowable RFC7519-defined audience strings of the Redfish service. The values shall uniquely identify the Redfish service. For example, a MAC address or UUID for the manager can uniquely identify the service.", 1201*d125652eSGunnar Mills "readonly": true, 1202*d125652eSGunnar Mills "type": "array", 1203*d125652eSGunnar Mills "versionAdded": "v1_10_0" 1204*d125652eSGunnar Mills }, 1205*d125652eSGunnar Mills "Issuer": { 1206*d125652eSGunnar Mills "description": "The issuer string of the OAuth 2.0 service. Clients should configure this property if `Mode` contains `Offline`.", 1207*d125652eSGunnar Mills "longDescription": "This property shall contain the RFC8414-defined issuer string of the OAuth 2.0 service. If the `Mode` property contains the value `Discovery`, this property shall contain the value of the `issuer` string from the OAuth 2.0 service's metadata and this property shall be read-only. Clients should configure this property if `Mode` contains `Offline`.", 1208*d125652eSGunnar Mills "readonly": false, 1209*d125652eSGunnar Mills "type": [ 1210*d125652eSGunnar Mills "string", 1211*d125652eSGunnar Mills "null" 1212*d125652eSGunnar Mills ], 1213*d125652eSGunnar Mills "versionAdded": "v1_10_0" 1214*d125652eSGunnar Mills }, 1215*d125652eSGunnar Mills "Mode": { 1216*d125652eSGunnar Mills "$ref": "#/definitions/OAuth2Mode", 1217*d125652eSGunnar Mills "description": "The mode of operation for token validation.", 1218*d125652eSGunnar Mills "longDescription": "This property shall contain the mode of operation for token validation.", 1219*d125652eSGunnar Mills "readonly": false, 1220*d125652eSGunnar Mills "versionAdded": "v1_10_0" 1221*d125652eSGunnar Mills }, 1222*d125652eSGunnar Mills "OAuthServiceSigningKeys": { 1223*d125652eSGunnar Mills "description": "The Base64-encoded signing keys of the issuer of the OAuth 2.0 service. Clients should configure this property if `Mode` contains `Offline`.", 1224*d125652eSGunnar Mills "longDescription": "This property shall contain a Base64-encoded string, with padding characters, of the RFC7517-defined signing keys of the issuer of the OAuth 2.0 service. Services shall verify the token provided in the `Authorization` header of the request with the value of this property. If the `Mode` property contains the value `Discovery`, this property shall contain the keys found at the URI specified by the `jwks_uri` string from the OAuth 2.0 service's metadata and this property shall be read-only. Clients should configure this property if `Mode` contains `Offline`.", 1225*d125652eSGunnar Mills "readonly": false, 1226*d125652eSGunnar Mills "type": [ 1227*d125652eSGunnar Mills "string", 1228*d125652eSGunnar Mills "null" 1229*d125652eSGunnar Mills ], 1230*d125652eSGunnar Mills "versionAdded": "v1_10_0" 1231*d125652eSGunnar Mills }, 1232*d125652eSGunnar Mills "Oem": { 1233*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 1234*d125652eSGunnar Mills "description": "The OEM extension property.", 1235*d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 1236*d125652eSGunnar Mills "versionAdded": "v1_13_0" 1237*d125652eSGunnar Mills } 1238*d125652eSGunnar Mills }, 1239*d125652eSGunnar Mills "type": "object" 1240*d125652eSGunnar Mills }, 1241*d125652eSGunnar Mills "OemActions": { 1242*d125652eSGunnar Mills "additionalProperties": true, 1243*d125652eSGunnar Mills "description": "The available OEM-specific actions for this resource.", 1244*d125652eSGunnar Mills "longDescription": "This type shall contain the available OEM-specific actions for this resource.", 1245*d125652eSGunnar Mills "patternProperties": { 1246*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1247*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1248*d125652eSGunnar Mills "type": [ 1249*d125652eSGunnar Mills "array", 1250*d125652eSGunnar Mills "boolean", 1251*d125652eSGunnar Mills "integer", 1252*d125652eSGunnar Mills "number", 1253*d125652eSGunnar Mills "null", 1254*d125652eSGunnar Mills "object", 1255*d125652eSGunnar Mills "string" 1256*d125652eSGunnar Mills ] 1257*d125652eSGunnar Mills } 1258*d125652eSGunnar Mills }, 1259*d125652eSGunnar Mills "properties": {}, 1260*d125652eSGunnar Mills "type": "object" 1261*d125652eSGunnar Mills }, 1262*d125652eSGunnar Mills "OneTimePasscode": { 1263*d125652eSGunnar Mills "additionalProperties": false, 1264*d125652eSGunnar Mills "description": "Various settings for one-time passcode (OTP) multi-factor authentication.", 1265*d125652eSGunnar Mills "longDescription": "This type shall contain settings for one-time passcode (OTP) multi-factor authentication.", 1266*d125652eSGunnar Mills "patternProperties": { 1267*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1268*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1269*d125652eSGunnar Mills "type": [ 1270*d125652eSGunnar Mills "array", 1271*d125652eSGunnar Mills "boolean", 1272*d125652eSGunnar Mills "integer", 1273*d125652eSGunnar Mills "number", 1274*d125652eSGunnar Mills "null", 1275*d125652eSGunnar Mills "object", 1276*d125652eSGunnar Mills "string" 1277*d125652eSGunnar Mills ] 1278*d125652eSGunnar Mills } 1279*d125652eSGunnar Mills }, 1280*d125652eSGunnar Mills "properties": { 1281*d125652eSGunnar Mills "Enabled": { 1282*d125652eSGunnar Mills "description": "An indication of whether multi-factor authentication using a one-time passcode is enabled.", 1283*d125652eSGunnar Mills "longDescription": "This property shall indicate whether multi-factor authentication using a one-time passcode is enabled. The passcode is sent to the delivery address associated with the account credentials provided in the request. If the credentials are associated with a `ManagerAccount` resource, the delivery address is specified by the `OneTimePasscodeDeliveryAddress` property. If the credentials are associated with a user from an LDAP account provider, the delivery address is contained in the LDAP attribute specified by the `EmailAttribute` property. An attempt to create a session when the `Token` property is not included in the request shall generate a message sent to the delivery address, using the SMTP settings from the Redfish event service, containing a one-time passcode. The service shall accept the one-time passcode as the valid value for the `Token` property in the next `POST` operation to create a session for the respective account.", 1284*d125652eSGunnar Mills "readonly": false, 1285*d125652eSGunnar Mills "type": [ 1286*d125652eSGunnar Mills "boolean", 1287*d125652eSGunnar Mills "null" 1288*d125652eSGunnar Mills ], 1289*d125652eSGunnar Mills "versionAdded": "v1_14_0" 1290*d125652eSGunnar Mills } 1291*d125652eSGunnar Mills }, 1292*d125652eSGunnar Mills "type": "object" 1293*d125652eSGunnar Mills }, 1294*d125652eSGunnar Mills "RoleMapping": { 1295*d125652eSGunnar Mills "additionalProperties": false, 1296*d125652eSGunnar Mills "description": "The mapping rules that are used to convert the external account providers account information to the local Redfish role.", 1297*d125652eSGunnar Mills "longDescription": "This type shall contain mapping rules that are used to convert the external account providers account information to the local Redfish role.", 1298*d125652eSGunnar Mills "patternProperties": { 1299*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1300*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1301*d125652eSGunnar Mills "type": [ 1302*d125652eSGunnar Mills "array", 1303*d125652eSGunnar Mills "boolean", 1304*d125652eSGunnar Mills "integer", 1305*d125652eSGunnar Mills "number", 1306*d125652eSGunnar Mills "null", 1307*d125652eSGunnar Mills "object", 1308*d125652eSGunnar Mills "string" 1309*d125652eSGunnar Mills ] 1310*d125652eSGunnar Mills } 1311*d125652eSGunnar Mills }, 1312*d125652eSGunnar Mills "properties": { 1313*d125652eSGunnar Mills "LocalAccountTypes": { 1314*d125652eSGunnar Mills "description": "The list of local services in the manager that the remote user or group is allowed to access.", 1315*d125652eSGunnar Mills "items": { 1316*d125652eSGunnar Mills "anyOf": [ 1317*d125652eSGunnar Mills { 1318*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/ManagerAccount.json#/definitions/AccountTypes" 1319*d125652eSGunnar Mills }, 1320*d125652eSGunnar Mills { 1321*d125652eSGunnar Mills "type": "null" 1322*d125652eSGunnar Mills } 1323*d125652eSGunnar Mills ] 1324*d125652eSGunnar Mills }, 1325*d125652eSGunnar Mills "longDescription": "This property shall contain an array of the various local manager services that the remote user or group is allowed to access. This shall not include functionality for receiving events or other notifications. If this property is not supported, the value shall be assumed to be an array that contains the value `Redfish`.", 1326*d125652eSGunnar Mills "readonly": false, 1327*d125652eSGunnar Mills "type": "array", 1328*d125652eSGunnar Mills "versionAdded": "v1_16_0" 1329*d125652eSGunnar Mills }, 1330*d125652eSGunnar Mills "LocalOEMAccountTypes": { 1331*d125652eSGunnar Mills "description": "The OEM account types for the remote user or group.", 1332*d125652eSGunnar Mills "items": { 1333*d125652eSGunnar Mills "type": [ 1334*d125652eSGunnar Mills "string", 1335*d125652eSGunnar Mills "null" 1336*d125652eSGunnar Mills ] 1337*d125652eSGunnar Mills }, 1338*d125652eSGunnar Mills "longDescription": "This property shall contain an array of the OEM account types for the remote user or group when `LocalAccountTypes` contains `OEM`.", 1339*d125652eSGunnar Mills "readonly": false, 1340*d125652eSGunnar Mills "type": "array", 1341*d125652eSGunnar Mills "versionAdded": "v1_16_0" 1342*d125652eSGunnar Mills }, 1343*d125652eSGunnar Mills "LocalRole": { 1344*d125652eSGunnar Mills "description": "The name of the local Redfish role to which to map the remote user or group.", 1345*d125652eSGunnar Mills "longDescription": "This property shall contain the `RoleId` property value within a role resource on this Redfish service to which to map the remote user or group.", 1346*d125652eSGunnar Mills "readonly": false, 1347*d125652eSGunnar Mills "type": [ 1348*d125652eSGunnar Mills "string", 1349*d125652eSGunnar Mills "null" 1350*d125652eSGunnar Mills ], 1351*d125652eSGunnar Mills "versionAdded": "v1_3_0" 1352*d125652eSGunnar Mills }, 1353*d125652eSGunnar Mills "MFABypass": { 1354*d125652eSGunnar Mills "anyOf": [ 1355*d125652eSGunnar Mills { 1356*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/AccountService.json#/definitions/MFABypass" 1357*d125652eSGunnar Mills }, 1358*d125652eSGunnar Mills { 1359*d125652eSGunnar Mills "type": "null" 1360*d125652eSGunnar Mills } 1361*d125652eSGunnar Mills ], 1362*d125652eSGunnar Mills "description": "The multi-factor authentication bypass settings.", 1363*d125652eSGunnar Mills "longDescription": "This property shall contain the multi-factor authentication bypass settings.", 1364*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1365*d125652eSGunnar Mills }, 1366*d125652eSGunnar Mills "Oem": { 1367*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 1368*d125652eSGunnar Mills "description": "The OEM extension property.", 1369*d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 1370*d125652eSGunnar Mills "versionAdded": "v1_3_0" 1371*d125652eSGunnar Mills }, 1372*d125652eSGunnar Mills "RemoteGroup": { 1373*d125652eSGunnar Mills "description": "The name of the remote group, or the remote role in the case of a Redfish service, that maps to the local Redfish role to which this entity links.", 1374*d125652eSGunnar Mills "longDescription": "This property shall contain the name of the remote group, or the remote role in the case of a Redfish service, that maps to the local Redfish role to which this entity links.", 1375*d125652eSGunnar Mills "readonly": false, 1376*d125652eSGunnar Mills "type": [ 1377*d125652eSGunnar Mills "string", 1378*d125652eSGunnar Mills "null" 1379*d125652eSGunnar Mills ], 1380*d125652eSGunnar Mills "versionAdded": "v1_3_0" 1381*d125652eSGunnar Mills }, 1382*d125652eSGunnar Mills "RemoteUser": { 1383*d125652eSGunnar Mills "description": "The name of the remote user that maps to the local Redfish role to which this entity links.", 1384*d125652eSGunnar Mills "longDescription": "This property shall contain the name of the remote user that maps to the local Redfish role to which this entity links.", 1385*d125652eSGunnar Mills "readonly": false, 1386*d125652eSGunnar Mills "type": [ 1387*d125652eSGunnar Mills "string", 1388*d125652eSGunnar Mills "null" 1389*d125652eSGunnar Mills ], 1390*d125652eSGunnar Mills "versionAdded": "v1_3_0" 1391*d125652eSGunnar Mills } 1392*d125652eSGunnar Mills }, 1393*d125652eSGunnar Mills "type": "object" 1394*d125652eSGunnar Mills }, 1395*d125652eSGunnar Mills "SecurID": { 1396*d125652eSGunnar Mills "additionalProperties": false, 1397*d125652eSGunnar Mills "description": "Various settings for RSA SecurID multi-factor authentication.", 1398*d125652eSGunnar Mills "longDescription": "This type shall contain settings for RSA SecurID multi-factor authentication.", 1399*d125652eSGunnar Mills "patternProperties": { 1400*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1401*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1402*d125652eSGunnar Mills "type": [ 1403*d125652eSGunnar Mills "array", 1404*d125652eSGunnar Mills "boolean", 1405*d125652eSGunnar Mills "integer", 1406*d125652eSGunnar Mills "number", 1407*d125652eSGunnar Mills "null", 1408*d125652eSGunnar Mills "object", 1409*d125652eSGunnar Mills "string" 1410*d125652eSGunnar Mills ] 1411*d125652eSGunnar Mills } 1412*d125652eSGunnar Mills }, 1413*d125652eSGunnar Mills "properties": { 1414*d125652eSGunnar Mills "Certificates": { 1415*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection", 1416*d125652eSGunnar Mills "description": "The link to a collection of server certificates for the RSA SecurID server referenced by the `ServerURI` property.", 1417*d125652eSGunnar Mills "longDescription": "This property shall contain a link to a resource collection of type `CertificateCollection` that represent the server certificates for the RSA SecurID server referenced by the `ServerURI` property. Regardless of the contents of this collection, services may perform additional verification based on other factors, such as the configuration of the `SecurityPolicy` resource.", 1418*d125652eSGunnar Mills "readonly": true, 1419*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1420*d125652eSGunnar Mills }, 1421*d125652eSGunnar Mills "ClientId": { 1422*d125652eSGunnar Mills "description": "The client ID to use when communicating with the RSA SecurID server.", 1423*d125652eSGunnar Mills "longDescription": "This property shall contain the client ID to use when communicating with the RSA SecurID server.", 1424*d125652eSGunnar Mills "readonly": false, 1425*d125652eSGunnar Mills "type": [ 1426*d125652eSGunnar Mills "string", 1427*d125652eSGunnar Mills "null" 1428*d125652eSGunnar Mills ], 1429*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1430*d125652eSGunnar Mills }, 1431*d125652eSGunnar Mills "ClientSecret": { 1432*d125652eSGunnar Mills "description": "The client secret to use when communicating with the RSA SecurID server. This property is `null` in responses.", 1433*d125652eSGunnar Mills "longDescription": "This property shall contain the client secret to use when communicating with the RSA SecurID server. The value shall be `null` in responses.", 1434*d125652eSGunnar Mills "readonly": false, 1435*d125652eSGunnar Mills "type": [ 1436*d125652eSGunnar Mills "string", 1437*d125652eSGunnar Mills "null" 1438*d125652eSGunnar Mills ], 1439*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1440*d125652eSGunnar Mills }, 1441*d125652eSGunnar Mills "ClientSecretSet": { 1442*d125652eSGunnar Mills "description": "Indicates if the `ClientSecret` property is set.", 1443*d125652eSGunnar Mills "longDescription": "This property shall contain `true` if a valid value was provided for the `ClientSecret` property. Otherwise, the property shall contain `false`.", 1444*d125652eSGunnar Mills "readonly": true, 1445*d125652eSGunnar Mills "type": "boolean", 1446*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1447*d125652eSGunnar Mills }, 1448*d125652eSGunnar Mills "Enabled": { 1449*d125652eSGunnar Mills "description": "An indication of whether multi-factor authentication with RSA SecurID is enabled.", 1450*d125652eSGunnar Mills "longDescription": "This property shall indicate whether multi-factor authentication with RSA SecurID is enabled.", 1451*d125652eSGunnar Mills "readonly": false, 1452*d125652eSGunnar Mills "type": [ 1453*d125652eSGunnar Mills "boolean", 1454*d125652eSGunnar Mills "null" 1455*d125652eSGunnar Mills ], 1456*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1457*d125652eSGunnar Mills }, 1458*d125652eSGunnar Mills "ServerURI": { 1459*d125652eSGunnar Mills "description": "The URI of the RSA SecurID server.", 1460*d125652eSGunnar Mills "format": "uri-reference", 1461*d125652eSGunnar Mills "longDescription": "This property shall contain the URI of the RSA SecurID server.", 1462*d125652eSGunnar Mills "readonly": false, 1463*d125652eSGunnar Mills "type": [ 1464*d125652eSGunnar Mills "string", 1465*d125652eSGunnar Mills "null" 1466*d125652eSGunnar Mills ], 1467*d125652eSGunnar Mills "versionAdded": "v1_12_0" 1468*d125652eSGunnar Mills } 1469*d125652eSGunnar Mills }, 1470*d125652eSGunnar Mills "type": "object" 1471*d125652eSGunnar Mills }, 1472*d125652eSGunnar Mills "TACACSplusPasswordExchangeProtocol": { 1473*d125652eSGunnar Mills "enum": [ 1474*d125652eSGunnar Mills "ASCII", 1475*d125652eSGunnar Mills "PAP", 1476*d125652eSGunnar Mills "CHAP", 1477*d125652eSGunnar Mills "MSCHAPv1", 1478*d125652eSGunnar Mills "MSCHAPv2" 1479*d125652eSGunnar Mills ], 1480*d125652eSGunnar Mills "enumDescriptions": { 1481*d125652eSGunnar Mills "ASCII": "The ASCII Login method.", 1482*d125652eSGunnar Mills "CHAP": "The CHAP Login method.", 1483*d125652eSGunnar Mills "MSCHAPv1": "The MS-CHAP v1 Login method.", 1484*d125652eSGunnar Mills "MSCHAPv2": "The MS-CHAP v2 Login method.", 1485*d125652eSGunnar Mills "PAP": "The PAP Login method." 1486*d125652eSGunnar Mills }, 1487*d125652eSGunnar Mills "enumLongDescriptions": { 1488*d125652eSGunnar Mills "ASCII": "This value shall indicate the ASCII Login flow as described under section 5.4.2 of RFC8907.", 1489*d125652eSGunnar Mills "CHAP": "This value shall indicate the CHAP Login flow as described under section 5.4.2 of RFC8907.", 1490*d125652eSGunnar Mills "MSCHAPv1": "This value shall indicate the MS-CHAP v1 Login flow as described under section 5.4.2 of RFC8907.", 1491*d125652eSGunnar Mills "MSCHAPv2": "This value shall indicate the MS-CHAP v2 Login flow as described under section 5.4.2 of RFC8907.", 1492*d125652eSGunnar Mills "PAP": "This value shall indicate the PAP Login flow as described under section 5.4.2 of RFC8907." 1493*d125652eSGunnar Mills }, 1494*d125652eSGunnar Mills "type": "string" 1495*d125652eSGunnar Mills }, 1496*d125652eSGunnar Mills "TACACSplusService": { 1497*d125652eSGunnar Mills "additionalProperties": false, 1498*d125652eSGunnar Mills "description": "Various settings to parse a TACACS+ service.", 1499*d125652eSGunnar Mills "longDescription": "This type shall contain settings for parsing a TACACS+ service.", 1500*d125652eSGunnar Mills "patternProperties": { 1501*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1502*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1503*d125652eSGunnar Mills "type": [ 1504*d125652eSGunnar Mills "array", 1505*d125652eSGunnar Mills "boolean", 1506*d125652eSGunnar Mills "integer", 1507*d125652eSGunnar Mills "number", 1508*d125652eSGunnar Mills "null", 1509*d125652eSGunnar Mills "object", 1510*d125652eSGunnar Mills "string" 1511*d125652eSGunnar Mills ] 1512*d125652eSGunnar Mills } 1513*d125652eSGunnar Mills }, 1514*d125652eSGunnar Mills "properties": { 1515*d125652eSGunnar Mills "AuthorizationService": { 1516*d125652eSGunnar Mills "description": "The TACACS+ service authorization argument.", 1517*d125652eSGunnar Mills "longDescription": "This property shall contain the TACACS+ service authorization argument as defined by section 8.2 of RFC8907. If this property is not present, the service defines the value to provide to the TACACS+ server.", 1518*d125652eSGunnar Mills "readonly": false, 1519*d125652eSGunnar Mills "type": "string", 1520*d125652eSGunnar Mills "versionAdded": "v1_13_0" 1521*d125652eSGunnar Mills }, 1522*d125652eSGunnar Mills "Oem": { 1523*d125652eSGunnar Mills "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 1524*d125652eSGunnar Mills "description": "The OEM extension property.", 1525*d125652eSGunnar Mills "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 1526*d125652eSGunnar Mills "versionAdded": "v1_13_0" 1527*d125652eSGunnar Mills }, 1528*d125652eSGunnar Mills "PasswordExchangeProtocols": { 1529*d125652eSGunnar Mills "description": "Indicates the allowed TACACS+ password exchange protocols.", 1530*d125652eSGunnar Mills "items": { 1531*d125652eSGunnar Mills "anyOf": [ 1532*d125652eSGunnar Mills { 1533*d125652eSGunnar Mills "$ref": "#/definitions/TACACSplusPasswordExchangeProtocol" 1534*d125652eSGunnar Mills }, 1535*d125652eSGunnar Mills { 1536*d125652eSGunnar Mills "type": "null" 1537*d125652eSGunnar Mills } 1538*d125652eSGunnar Mills ] 1539*d125652eSGunnar Mills }, 1540*d125652eSGunnar Mills "longDescription": "This property shall indicate all the allowed TACACS+ password exchange protocol described under section 5.4.2 of RFC8907.", 1541*d125652eSGunnar Mills "readonly": false, 1542*d125652eSGunnar Mills "type": "array", 1543*d125652eSGunnar Mills "versionAdded": "v1_8_0" 1544*d125652eSGunnar Mills }, 1545*d125652eSGunnar Mills "PrivilegeLevelArgument": { 1546*d125652eSGunnar Mills "description": "Indicates the name of the TACACS+ argument name in an authorization request.", 1547*d125652eSGunnar Mills "longDescription": "This property shall specify the name of the argument in a TACACS+ Authorization REPLY packet body, as defined in RFC8907, that contains the user's privilege level.", 1548*d125652eSGunnar Mills "readonly": false, 1549*d125652eSGunnar Mills "type": [ 1550*d125652eSGunnar Mills "string", 1551*d125652eSGunnar Mills "null" 1552*d125652eSGunnar Mills ], 1553*d125652eSGunnar Mills "versionAdded": "v1_8_0" 1554*d125652eSGunnar Mills } 1555*d125652eSGunnar Mills }, 1556*d125652eSGunnar Mills "type": "object" 1557*d125652eSGunnar Mills }, 1558*d125652eSGunnar Mills "TimeBasedOneTimePassword": { 1559*d125652eSGunnar Mills "additionalProperties": false, 1560*d125652eSGunnar Mills "description": "Various settings for Time-based One-Time Password (TOTP) multi-factor authentication.", 1561*d125652eSGunnar Mills "longDescription": "This type shall contain settings for RFC6238-defined Time-based One-Time Password (TOTP) multi-factor authentication.", 1562*d125652eSGunnar Mills "patternProperties": { 1563*d125652eSGunnar Mills "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 1564*d125652eSGunnar Mills "description": "This property shall specify a valid odata or Redfish property.", 1565*d125652eSGunnar Mills "type": [ 1566*d125652eSGunnar Mills "array", 1567*d125652eSGunnar Mills "boolean", 1568*d125652eSGunnar Mills "integer", 1569*d125652eSGunnar Mills "number", 1570*d125652eSGunnar Mills "null", 1571*d125652eSGunnar Mills "object", 1572*d125652eSGunnar Mills "string" 1573*d125652eSGunnar Mills ] 1574*d125652eSGunnar Mills } 1575*d125652eSGunnar Mills }, 1576*d125652eSGunnar Mills "properties": { 1577*d125652eSGunnar Mills "Enabled": { 1578*d125652eSGunnar Mills "description": "An indication of whether multi-factor authentication with a Time-based One-Time Password (TOTP) is enabled.", 1579*d125652eSGunnar Mills "longDescription": "This property shall indicate whether multi-factor authentication with an RFC6238-defined Time-based One-Time Password (TOTP) is enabled.", 1580*d125652eSGunnar Mills "readonly": false, 1581*d125652eSGunnar Mills "type": [ 1582*d125652eSGunnar Mills "boolean", 1583*d125652eSGunnar Mills "null" 1584*d125652eSGunnar Mills ], 1585*d125652eSGunnar Mills "versionAdded": "v1_16_0" 1586*d125652eSGunnar Mills }, 1587*d125652eSGunnar Mills "TimeStepSeconds": { 1588*d125652eSGunnar Mills "description": "The time step, in seconds, for calculating the one-time password.", 1589*d125652eSGunnar Mills "longDescription": "This property shall contain the RFC6238-defined time step, in seconds, for calculating the one-time password. If this property is not supported by the service, it shall be assumed to be `30`.", 1590*d125652eSGunnar Mills "minimum": 1, 1591*d125652eSGunnar Mills "readonly": false, 1592*d125652eSGunnar Mills "type": [ 1593*d125652eSGunnar Mills "integer", 1594*d125652eSGunnar Mills "null" 1595*d125652eSGunnar Mills ], 1596*d125652eSGunnar Mills "versionAdded": "v1_16_0" 1597*d125652eSGunnar Mills } 1598*d125652eSGunnar Mills }, 1599*d125652eSGunnar Mills "type": "object" 1600*d125652eSGunnar Mills } 1601*d125652eSGunnar Mills }, 1602*d125652eSGunnar Mills "language": "en", 1603*d125652eSGunnar Mills "owningEntity": "DMTF", 1604*d125652eSGunnar Mills "release": "2025.1", 1605*d125652eSGunnar Mills "title": "#AccountService.v1_18_0.AccountService" 1606*d125652eSGunnar Mills}