The read REST interface will search the configured database for particular identity information about the user defined by name. The user defined by the admin attribute must have the permission to read the identity information. The URL needs to be populated with the following information.
name defines the name of the identity whose profile will be read. The value is the Universal ID in the user's OpenSSO profile.
attributes_names defines one or more LDAP attributes for which to search.
identity_realm defines the realm in which the identity is configured. This is an optional parameter.
admin defines the tokenid of the user with the necessary permissions to search; for example amadmin.
This is an example URL that would return the specified attribute values from the user's LDAP profile.
http://OpenSSO-host:OpenSSO-port/opensso/identity/read?name=jning&attributes_names=uid&admin=AQIC5wM2LY4SfcxCWBCNON1gTsaMaHISbYmTyYosv8pCPVw=@AAJTSQACMDE=#
The URL might return something like this:
identitydetails.name=jning
identitydetails.type=user
identitydetails.realm=dc=opensso,dc=java,dc=net
identitydetails.attribute=
identitydetails.attribute.name=uid
identitydetails.attribute.value=jning
The operation might also return PermissionDenied if the user defined by admin does not have the appropriate permissions, TokenExpired when the token has expired, or GeneralFailure on other errors.
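The following client-side helper is an added example, not part of the OpenSSO documentation or code. It builds the read URL with every parameter value percent-encoded (the sample token contains =, @ and #, and an unencoded # would be read as the start of a URL fragment) and parses the identitydetails lines, splitting on the first = only because the realm value itself contains = characters. The host name, the function names, the repeated attributes_names parameter for several attributes, and the way an error name is located in the response body are assumptions.

```python
from urllib.parse import urlencode

ERROR_NAMES = ("PermissionDenied", "TokenExpired", "GeneralFailure")  # named on the page
# Token string copied from the page's example URL.
SAMPLE_TOKEN = "AQIC5wM2LY4SfcxCWBCNON1gTsaMaHISbYmTyYosv8pCPVw=@AAJTSQACMDE=#"
# Response text from the page's example, one field per line.
SAMPLE_BODY = """identitydetails.name=jning
identitydetails.type=user
identitydetails.realm=dc=opensso,dc=java,dc=net
identitydetails.attribute=
identitydetails.attribute.name=uid
identitydetails.attribute.value=jning
"""

def build_read_url(base, name, attributes, admin_token, realm=None):
    """Build the identity/read URL with all parameter values percent-encoded."""
    params = [("name", name)]
    # Assumption: several attributes are requested by repeating attributes_names.
    params += [("attributes_names", a) for a in attributes]
    if realm is not None:
        params.append(("identity_realm", realm))  # optional parameter
    params.append(("admin", admin_token))
    return base.rstrip("/") + "/opensso/identity/read?" + urlencode(params)

def parse_read_response(body):
    """Parse identitydetails.* lines into a dict; raise on an error response."""
    details = {"attributes": {}}
    current = None  # value list of the attribute currently being read
    for line in body.splitlines():
        key, sep, value = line.strip().partition("=")  # first '=' only
        if not sep or not key.startswith("identitydetails."):
            continue
        field = key[len("identitydetails."):]
        if field == "attribute.name":
            current = details["attributes"].setdefault(value, [])
        elif field == "attribute.value" and current is not None:
            current.append(value)  # multi-valued attributes accumulate
        elif field in ("name", "type", "realm"):
            details[field] = value
    if "name" not in details:
        # Assumption: an error response carries one of the error names in its body.
        raise RuntimeError(next((e for e in ERROR_NAMES if e in body), "GeneralFailure"))
    return details

if __name__ == "__main__":
    # opensso.example.com:8080 is a constructed placeholder host.
    print(build_read_url("http://opensso.example.com:8080", "jning", ["uid"], SAMPLE_TOKEN))
    print(parse_read_response(SAMPLE_BODY))
```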