Sun OpenSSO Enterprise 8.0 Developer's Guide

Display Identity Data

The attributes REST interface will search the configured database for identity information about the defined user. It retrieves roles and common attributes (including first name and last name) and is used by applications to obtain a user's profile for application-controlled authorization. (It is assumed the user defined by subjectid has the appropriate permissions to display their own identity information.) The URL needs to be populated with the following information.

This is an example URL that would return the specified attribute values from the user's LDAP profile.


http://OpenSSO-host:OpenSSO-port/opensso/identity/attributes?attributes_names=uid&subjectid=AQIC5wM2LY4Sfcz6eH4abOQ0el7pnDqmOn6nnn1nrcuE8/w=@AAJTSQACMDE=#

The URL might return something like this:

userdetails.token.id=AQIC5wM2LY4Sfcz6eH4abOQ0el7pnDqmOn6nnn1nrcuE8/w=@AAJTSQACMDE=#
userdetails.attribute.name=sn 
userdetails.attribute.value=jning 
userdetails.attribute.name=cn 
userdetails.attribute.value=jning 
userdetails.attribute.name=objectclass 
userdetails.attribute.value=sunFederationManagerDataStore 
userdetails.attribute.value=top 
userdetails.attribute.value=iplanet-am-managed-person 
userdetails.attribute.value=iplanet-am-user-service 
userdetails.attribute.value=organizationalperson 
userdetails.attribute.value=inetadmin 
userdetails.attribute.value=iPlanetPreferences 
userdetails.attribute.value=person 
userdetails.attribute.value=inetuser 
userdetails.attribute.value=sunAMAuthAccountLockout 
userdetails.attribute.value=sunIdentityServerLibertyPPService 
userdetails.attribute.value=inetorgperson 
userdetails.attribute.value=sunFMSAML2NameIdentifier 
userdetails.attribute.name=userpassword 
userdetails.attribute.value={SSHA}XhiE0RMwO/D7SSQ5fYLrTlFjmbHmYbQkIU43FA== 
userdetails.attribute.name=uid 
userdetails.attribute.value=jning 
userdetails.attribute.name=givenname 
userdetails.attribute.value=jning 
userdetails.attribute.name=inetuserstatus 
userdetails.attribute.value=Active

The operation might also return TokenExpired when the token has expired or GeneralFailure on other errors.
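
An added example (not part of the original guide or the OpenSSO code base): a Python parser for the response format shown above that groups each run of value lines under the preceding name line and masks the session token and userpassword hash before the result is logged. The sample body is constructed, and the SENSITIVE set and the treatment of TokenExpired and GeneralFailure as text in the response body are assumptions.

```python
# Added example: parse the userdetails.* response and mask secrets for logs.
SENSITIVE = {"userpassword"}                 # assumption: names to mask
ERRORS = ("TokenExpired", "GeneralFailure")  # named on the page; layout assumed

# Constructed sample modelled on the response above (token and hash are fake).
SAMPLE = """\
userdetails.token.id=AQIC-constructed-token=@AAJTSQACMDE=#
userdetails.attribute.name=objectclass
userdetails.attribute.value=top
userdetails.attribute.value=person
userdetails.attribute.name=userpassword
userdetails.attribute.value={SSHA}constructed-hash==
userdetails.attribute.name=uid
userdetails.attribute.value=jning
"""


def parse_userdetails(body):
    """Return (token_id, {attribute_name: [values]}) from a response body."""
    token, attrs, current = None, {}, None
    for raw in body.splitlines():
        line = raw.strip()               # response lines may carry padding
        if not line:
            continue
        key, _, value = line.partition("=")  # values may contain '=' themselves
        if key == "userdetails.token.id":
            token = value
        elif key == "userdetails.attribute.name":
            current = attrs.setdefault(value.lower(), [])
        elif key == "userdetails.attribute.value" and current is not None:
            current.append(value)        # belongs to the most recent name line
        elif any(err in line for err in ERRORS):
            raise RuntimeError("identity service error: " + line)
        else:
            raise ValueError("unexpected line with key: " + key)
    return token, attrs


def redact(token, attrs):
    """Copy that is safe to log: token shortened, sensitive values masked."""
    safe = {name: ["<redacted>"] * len(vals) if name in SENSITIVE else list(vals)
            for name, vals in attrs.items()}
    return (token or "")[:8] + "...", safe


if __name__ == "__main__":
    print(redact(*parse_userdetails(SAMPLE)))
```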