{

"queryId" : "credential-query",

"queryOnResource" : "managed/user",

"propertyMapping" : {

"userId" : "_id",

"userCredential" : "password",

"userRoles" : "roles"

},

"defaultUserRoles" : [ ],

"serverAuthConfig" : {

"auditLogger" : "org.forgerock.openidm.jaspi.modules.IDMAuthenticationAuditLogger",

"iwaAdPassthrough" : {

"sessionModule" : {

"className" : "org.forgerock.jaspi.modules.iwa.JwtSessionModule",

"keyAlias" : "openidm-localhost",

"privateKeyPassword" : "&{openidm.keystore.password}",

"keystoreType" : "&{openidm.keystore.type}",

"keystoreFile" : "&{openidm.keystore.location}",

"keystorePassword" : "&{openidm.keystore.password}",

"maxTokenLife" : "30",

"tokenIdleTime" : "10"

},

"authModules" : [

{

"className" : "org.forgerock.openidm.jaspi.modules.IWAPassthroughModule",

"servicePrincipal" : "SERVICE_PRINCIPAL",

"keytabFileName" : "KEYTAB_FILE_LOCATION",

"kerberosRealm" : "KERBEROS_REALM",

"kerberosServerName" : "KERBEROS_SERVER_NAME",

"passThroughAuth" : "system/AD/account",

"propertyMapping" : {

"userRoles" : "roles"

},

"defaultUserRoles" : [ ]

},

{

"className" : "org.forgerock.openidm.jaspi.modules.InternalUserAuthModule",

"propertyMapping" : {

"userId" : "_id",

"userCredential" : "password",

"userRoles" : "roles"

},

"defaultUserRoles" : [ ]

}

]

}

}

}