createAuthenticationRealm
Create an AuthenticationRealm
Format
udclient [global-args...] [global-flags...]
createAuthenticationRealm [JSON file]
Parameters
None.
Template
This command takes a JSON request string or file. Use the following template for the request:
{
  "authorizationRealmIds": ["AuthorizationRealms"],
  "description": "A description (optional)",
  "name": "AuthenticationRealm name",
  "properties": {
    "auth-endpoint": "OIDC: The URI for authorization with the OpenID Provider",
    "authentication-mech": "LDAP: Simple or DIGEST-MD5",
    "client-id": "OIDC: The Client ID which is registered with the OpenID Provider",
    "client-secret": "OIDC: The Client Secret which is provided by the OpenID Provider upon registration",
    "connection-name": "LDAP: The username to use for Simple binding to LDAP for searches. If not specified, an anonymous connection is made.",
    "connection-password": "LDAP: The password to use for Simple binding to LDAP for searches.",
    "email-claim": "OIDC: The claim containing the user's email.",
    "end-session-endpoint": "OIDC: Optional: The URI for RP-initiated logout",
    "groups-delim": "SSO: A string that acts as the delimiter between groups that are passed in the headers. For example, if the user should be added to groups GROUP1 and GROUP2, and the header value was \"GROUP=GROUP1;GROUP=GROUP2\" the delimiter would be ';'. Note: special regex characters such as '+' must be escaped with one backslash '\\'.",
    "groups-header": "SSO: The header name that denotes the user groups to which the user will be added.",
    "groups-regex": "SSO: The regular expression to find the groups in the header value. If a capturing group is specified, only the first will be caught (per delimited string). If no capturing group is specified with parentheses, then the whole delimited string will be captured.",
    "issuer": "OIDC: The issuer identifier for the issuer of the token response.",
    "jwks-uri": "OIDC: The JSON Web Key Sets URI endpoint",
    "name-claim": "OIDC: The claim containing the user's name.",
    "sasl-realm": "LDAP: The SASL realm for DIGEST-MD5 authentication",
    "token-endpoint": "OIDC: The URI for token requests with the OpenID Provider",
    "url": "LDAP: The URL of the LDAP server. It should begin with 'ldap://' or 'ldaps://'. Failover servers can be added by separating the URLs with a space. Example: ldap://ldap.mydomain.com:389 ldap://ldap.mydomain2.com",
    "user-base": "LDAP: When you search multiple directories, specify the starting directory that is used for searches, such as ou=employees,dc=mydomain,dc=com.",
    "user-pattern": "LDAP: LDAP users exist in a single directory; use a pattern to create the DN for users.",
    "user-search": "LDAP: The LDAP filter expression to use when searching for user directory entries. The username is put in place of {0} in the search pattern. If this is an attribute and not part of the user DN, wrap it in parentheses. E.g. uid={0} or (sAMAccountName={0})",
    "user-search-subtree": "LDAP: Search the full subtree for the user, as opposed to a single-level search only covering users directly inside the specified search base. \"true\" or \"false\"",
    "userinfo-endpoint": "OIDC: The URI for userinfo requests with the OpenID Provider"
  },
  "type": [
    "Any one of:",
    "INTERNAL",
    "LDAP",
    "SSO",
    "OIDC"
  ]
}
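The template's own notes (ldap:// versus ldaps://, anonymous binds when no connection-name is set, the {0} placeholder, regex metacharacters in groups-delim) are easy to get wrong in a hand-written request file. The following Python check is an added example, not part of udclient or this page; it assumes that type is sent as a single string from the list above, groups the properties by the LDAP:/OIDC:/SSO: prefixes in the template, and uses a constructed sample request with placeholder host, DN and secret values.

```python
import re

# Which properties belong to which realm type, taken from the "LDAP:", "OIDC:" and "SSO:"
# prefixes in the template on this page (the grouping into required sets is an assumption).
TYPE_PROPS = {
    "LDAP": {"url", "user-base", "user-pattern", "user-search", "user-search-subtree",
             "connection-name", "connection-password", "authentication-mech", "sasl-realm"},
    "OIDC": {"issuer", "client-id", "client-secret", "auth-endpoint", "token-endpoint",
             "userinfo-endpoint", "jwks-uri", "end-session-endpoint", "email-claim", "name-claim"},
    "SSO": {"groups-header", "groups-delim", "groups-regex"},
    "INTERNAL": set(),
}

def check_realm_request(req):
    """Return warnings for a createAuthenticationRealm request dict; an empty list means clean."""
    warnings = []
    realm_type = req.get("type")  # assumed to be one of the four strings listed in the template
    if realm_type not in TYPE_PROPS:
        return ["type must be one of INTERNAL, LDAP, SSO, OIDC"]
    props = req.get("properties", {})
    foreign = set(props) - TYPE_PROPS[realm_type]
    if foreign:
        warnings.append(f"properties not used by {realm_type} realms: {sorted(foreign)}")
    if realm_type == "LDAP":
        if not props.get("url"):
            warnings.append("LDAP realm needs a url")
        for u in props.get("url", "").split():  # failover servers are space separated
            if not u.startswith(("ldap://", "ldaps://")):
                warnings.append(f"url must begin with ldap:// or ldaps://: {u}")
            elif u.startswith("ldap://"):
                warnings.append(f"plaintext LDAP: the bind password crosses the network unencrypted: {u}")
        if "connection-password" in props and "connection-name" not in props:
            warnings.append("connection-password set without connection-name; the bind would be anonymous")
        if "user-search" in props and "{0}" not in props["user-search"]:
            warnings.append("user-search has no {0} placeholder for the username")
    if realm_type == "SSO":
        try:
            re.compile(props.get("groups-delim", ""))  # template: regex metacharacters must be escaped
        except re.error:
            warnings.append("groups-delim is not a valid regular expression; escape characters such as '+'")
    return warnings

# Constructed sample request (placeholder host, DN and secret), not a value from the page.
SAMPLE_LDAP = {
    "name": "corp-ldap", "description": "Corporate directory", "authorizationRealmIds": [], "type": "LDAP",
    "properties": {"url": "ldaps://ldap.example.com:636", "user-base": "ou=employees,dc=example,dc=com",
                   "user-search": "(sAMAccountName={0})", "user-search-subtree": "true",
                   "connection-name": "cn=udsearch,ou=svc,dc=example,dc=com",
                   "connection-password": "PLACEHOLDER-SECRET"},
}
```

Run the check on the request dict before serialising it with json.dumps and passing the file to udclient createAuthenticationRealm.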
Related REST command: Create an AuthenticationRealm.