Skip to content

Instantly share code, notes, and snippets.

@paulodutra

paulodutra/OpenamRESTapi

Forked from burck1/OpenamRESTapi
Created August 21, 2020 15:17
Show Gist options
  • Save paulodutra/1c296546667399b3ce192000820061f6 to your computer and use it in GitHub Desktop.
Save paulodutra/1c296546667399b3ce192000820061f6 to your computer and use it in GitHub Desktop.
Download ZIP
OpenAM REST api summary
Raw
OpenamRESTapi
Ref: http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/index/chap-rest.html#chap-rest
Authentication - http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/index/chap-rest.html#rest-api-auth-json
Token Validation - http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/index/chap-rest.html#rest-api-token-validation
User Self Registration - http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/index/chap-rest.html#rest-api-self-registration
Reseting Forgotten Passwords - http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/index/chap-rest.html#rest-api-password-reset
Identity Management - http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/index/chap-rest.html#rest-api-crud-identity
Login v1:
POST /json/authenticate
Parameters:
Optional:
noSession: <true/false>
Headers:
X-OpenAM-Username: <username>
X-OpenAM-Password: <password>
Content-Type: application/json
Data:
Response:
200
{
"tokenId": "AQIC5w.......*",
"successUrl": "/openam/console"
}
OR 200
{
"message": "Authentication Successful",
"successUrl": "/openam/console"
}
OR 401
{
"errorMessage": "Invalid Password!!"
}
Login v2:
POST /json/authenticate
Parameters:
Optional:
noSession: <true/false>
Headers:
Content-Type: application/json
Data:
Response:
{
"authId": "...jwt-value...",
"template": "",
"stage": "DataStore1",
"callbacks": [{
"type": "NameCallback",
"output": [{
"name": "prompt",
"value": " User Name: "
}],
"input": [{
"name": "IDToken1",
"value": ""
}]
}, {
"type": "PasswordCallback",
"output": [{
"name": "prompt",
"value": " Password: "
}],
"input": [{
"name": "IDToken2",
"value": ""
}]
}]
}
POST /json/authenticate
Parameters:
Headers:
Content-Type: application/json
Data:
{
"authId": "...jwt-value...",
"template": "",
"stage": "DataStore1",
"callbacks": [{
"type": "NameCallback",
"output": [{
"name": "prompt",
"value": " User Name: "
}],
"input": [{
"name": "IDToken1",
"value": "<username>"
}]
}, {
"type": "PasswordCallback",
"output": [{
"name": "prompt",
"value": " Password: "
}],
"input": [{
"name": "IDToken2",
"value": "<password>"
}]
}]
}
Response:
200
{
"tokenId": "AQIC5w.......*",
"successUrl": "/openam/console"
}
OR 200
{
"message": "Authentication Successful",
"successUrl": "/openam/console"
}
OR 401
{
"errorMessage": "Invalid Password!!"
}
Logout:
POST /json/sessions/
Parameters:
_action: logout
Headers:
iplanetDirectoryPro: <tokenId>
Content-Type: application/json
Data:
Response:
200
{
"result": "Successfully logged out"
}
OR 401
NOT WORKING FOR SOME REASON!!! - http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/#rest-api-token-validation
Token Validation:
POST /json/sessions/<tokenId>
Parameters:
_action: validate
Headers:
Content-Type: application/json
Data:
Response:
200
{
"valid": true,
"uid": "demo",
"realm": "/realm"
}
OR 200
{
"valid": false
}
Token Validation v2 (depricated):
POST /identity/isTokenValid
Parameters:
Headers:
Data (x-www-form-urlencoded):
tokenid: <tokenId>
Response:
200
boolean=true
OR 200
boolean=false
Identity Management - Creating Identities v1:
POST /json/users/
Parameters:
_action: create
Headers:
Content-Type: application/json
iplanetDirectoryPro: <tokenId>
Data:
{
"username": "<username>",
"userpassword": "<password>",
"mail": "<email_address>"
}
Response:
200
{
"username": "<username>",
"realm": "/",
"uid": [
"<username>"
],
"mail": [
"<email_address>"
],
"sn": [
"<username>"
],
"userpassword": [
"{SSHA}0pXpKLPRKCGY7g3YqZygJmKMW6IC2BLJimmlwg=="
],
"cn": [
"<username>"
],
"inetuserstatus": [
"Active"
],
"dn": [
"uid=<username>,ou=people,dc=openam,dc=forgerock,dc=org"
],
"objectclass": [
"person",
"sunIdentityServerLibertyPPService",
"sunFederationManagerDataStore",
"inetorgperson",
"iPlanetPreferences",
"iplanet-am-auth-configuration-service",
"organizationalperson",
"sunFMSAML2NameIdentifier",
"inetuser",
"iplanet-am-managed-person",
"sunAMAuthAccountLockout",
"iplanet-am-user-service",
"top"
],
"universalid": [
"id=<username>,ou=user,dc=openam,dc=forgerock,dc=org"
]
}
Identity Management - Creating Identities v2:
PUT /json/users/<username>
Parameters:
Headers:
Content-Type: application/json
iplanetDirectoryPro: <tokenId>
If-None-Match: *
Data:
{
"username": "<username>",
"userpassword": "<password>",
"mail": "<email_address>"
}
Response:
200
{
"username": "<username>",
"realm": "/",
"uid": [
"<username>"
],
"mail": [
"<email_address>"
],
"sn": [
"<username>"
],
"userpassword": [
"{SSHA}0pXpKLPRKCGY7g3YqZygJmKMW6IC2BLJimmlwg=="
],
"cn": [
"<username>"
],
"inetuserstatus": [
"Active"
],
"dn": [
"uid=<username>,ou=people,dc=openam,dc=forgerock,dc=org"
],
"objectclass": [
"person",
"sunIdentityServerLibertyPPService",
"sunFederationManagerDataStore",
"inetorgperson",
"iPlanetPreferences",
"iplanet-am-auth-configuration-service",
"organizationalperson",
"sunFMSAML2NameIdentifier",
"inetuser",
"iplanet-am-managed-person",
"sunAMAuthAccountLockout",
"iplanet-am-user-service",
"top"
],
"universalid": [
"id=<username>,ou=user,dc=openam,dc=forgerock,dc=org"
]
}
Identity Management - Reading Identities
GET /json/users/<username>
Parameters:
Optional:
_fields: <needed_fields (ex. username,uid)>
Headers:
iplanetDirectoryPro: <tokenId>
Data:
Response:
200
{
"username": "<username>",
"realm": "dc=openam,dc=forgerock,dc=org",
"uid": [
"<username>"
],
"userpassword": [
"{SSHA}BKPAKRS3QKkvQRw25MfXbVC4VEuVNUf+yCaejg=="
],
"sn": [
"<username>"
],
"cn": [
"<username>"
],
"inetuserstatus": [
"Active"
],
"dn": [
"uid=<username>,ou=people,dc=openam,dc=forgerock,dc=org"
],
"objectclass": [
"devicePrintProfilesContainer",
"person",
"sunIdentityServerLibertyPPService",
"inetorgperson",
"sunFederationManagerDataStore",
"iPlanetPreferences",
"iplanet-am-auth-configuration-service",
"organizationalperson",
"sunFMSAML2NameIdentifier",
"inetuser",
"forgerock-am-dashboard-service",
"iplanet-am-managed-person",
"iplanet-am-user-service",
"sunAMAuthAccountLockout",
"top"
],
"universalid": [
"id=<username>,ou=user,dc=openam,dc=forgerock,dc=org"
]
}
Identity Management - Updating Identities
PUT /json/users/<username>
Parameters:
Headers:
Content-Type: application/json
iplanetDirectoryPro: <tokenId>
Data:
{
"mail": "<email_address>"
}
Response:
200
{
"username": "<username>",
"realm": "/",
"uid": [
"<username>"
],
"mail": [
"<email_address>"
],
"sn": [
"<username>"
],
"userpassword": [
"{SSHA}S14oR2gusLWtiDkAS4twj63slXNNaMKpwrOWdw=="
],
"cn": [
"<username>"
],
"inetuserstatus": [
"Active"
],
"dn": [
"uid=<username>,ou=people,dc=openam,dc=forgerock,dc=org"
],
"objectclass": [
"person",
"sunIdentityServerLibertyPPService",
"sunFederationManagerDataStore",
"inetorgperson",
"iPlanetPreferences",
"iplanet-am-auth-configuration-service",
"organizationalperson",
"sunFMSAML2NameIdentifier",
"inetuser",
"iplanet-am-managed-person",
"sunAMAuthAccountLockout",
"iplanet-am-user-service",
"top"
],
"universalid": [
"id=<username>,ou=user,dc=openam,dc=forgerock,dc=org"
]
}
Identity Management - Deleting Identities
DELETE /json/users/<username>
Parameters:
Headers:
iplanetDirectoryPro: <tokenId>
Data:
Response:
200
{
"success": "true"
}
OR 400
{
"code": 400,
"reason": "<reason>",
"message": "<message>"
}
Identity Management - Listing Identities
GET /json/users/
Parameters:
_queryID: *
Headers:
iplanetDirectoryPro: <tokenId>
Data:
Response:
200
{
"result": [
"<username1>",
"<username2>",
"<username3>",
"<username4>"
],
"resultCount": 4,
"pagedResultsCookie": null,
"remainingPagedResults": -1
}
Identity Management - Changing Passwords
PUT /json/users/<username>
Parameters:
Headers:
Content-Type: application/json
iplanetDirectoryPro: <tokenId>
If Not Admin:
olduserpassword: <old_password>
Data:
{
"userpassword": "<new_password>"
}
Response:
{
"username": "<username>",
"realm": "/",
"uid": [
"<username>"
],
"mail": [
"<email_address>"
],
"sn": [
"<username>"
],
"userPassword": [
"{SSHA}XEuaovyLwOoqQzu7MdRBbHi+4UALLBehmfX/yg=="
],
"cn": [
"<username>"
],
"inetUserStatus": [
"Active"
],
"dn": [
"uid=<username>,ou=people,dc=openam,dc=forgerock,dc=org"
],
"objectClass": [
"devicePrintProfilesContainer",
"person",
"sunIdentityServerLibertyPPService",
"inetorgperson",
"sunFederationManagerDataStore",
"iPlanetPreferences",
"iplanet-am-auth-configuration-service",
"organizationalperson",
"sunFMSAML2NameIdentifier",
"inetuser",
"forgerock-am-dashboard-service",
"iplanet-am-managed-person",
"iplanet-am-user-service",
"sunAMAuthAccountLockout",
"top"
],
"universalid": [
"id=<username>,ou=user,dc=openam,dc=forgerock,dc=org"
]
}
REST Status Codes (http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/#rest-api-status-codes):
200 OK
201 Created
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
405 Method Not Allowed
409 Conflict
415 Unsupported Media Type
500 Internal Server Error
501 Not Implemented
503 Service Unavailable
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment