13 Using the Mobile and Social REST API

This chapter describes the Oracle Access Management Mobile and Social REST API.

Notes About Using cURL

This chapter uses cURL to demonstrate the REST calls that the Mobile and Social client sends to the Mobile and Social server. cURL is free software that you can download from the cURL website at http://curl.haxx.se/

Using cURL to send REST calls to the server can help you better understand how the Mobile and Social client interacts with the Mobile and Social server. It can also be a helpful troubleshooting tool.

Note:

cURL commands that contain single quotes ( ' ) will fail on Windows. When possible, use double quotes ( " ) in place of single quotes.

If a command requires both single quotes and double quotes, escape the double quotes with a backslash (for example: \" ) and replace the single quotes with double quotes.

Note:

In this guide, line breaks in cURL commands and server responses are for display purposes only.


Request and Response Header Attribute Name Reference

This section documents the request and response attribute names that are reserved for use with Mobile and Social REST Services. These attributes can be included in a query parameter, in an HTTP header, or in the JSON body, as noted for each attribute.

Note:

All attribute names and values are case-sensitive.


X-IDAAS-REST-VERSION

Use this attribute to specify the version of the SDK that the client application is compatible with. If you do not specify an SDK version, the Mobile and Social server defaults to using the latest SDK version.

Where to use This Attribute

  • HTTP header

  • Query parameter

Attribute Type

  • Request

  • Response

Sample cURL Command

-H "X-IDAAS-REST-VERSION:v1"

Sample Request

curl -i 
-H "Content-Type: application/json"
http://host.us.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"profileid1",
     "X-Idaas-Rest-Subject-Password":"secret12",
     "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTTOKEN"}'
-H "X-IDAAS-REST-VERSION:v1"

Sample Response

HTTP/1.1 200 OK
Date: Tue, 05 Jun 2012 11:23:19 GMT
Transfer-Encoding: chunked
Content-Type: application/json
X-IDAAS-REST-VERSION: v1
Set-Cookie: JSESSIONID=5Z4sPNsHVmrplgs8HNDbQGxddC7TJQS7s4QspYvMpcMJJLC2nGx5!1574236250; path=/; HttpOnly
X-ORACLE-DMS-ECID: a393487d2600b00c:-7abb0b83:137b52ee014:-8000-00000000000026aa
X-Powered-By: Servlet/2.5 JSP/2.1

Comments

The attribute value must be a string representation of the protocol version, for example v1.


X-IDAAS-SERVICEDOMAIN

Use to specify a Service Domain value. If a Service Domain value is not provided, the system will use the "Default" Service Domain.

Where to use This Attribute

  • HTTP header

Attribute Type

  • Request only

Sample cURL Command

-H "X-IDAAS-SERVICEDOMAIN: Default"

Sample Request

curl -i 
-H "Content-Type: application/json" --request POST 
http://host.us.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"profileid1",
     "X-Idaas-Rest-Subject-Password":"secret12",
     "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTTOKEN"}'
-H "X-IDAAS-REST-VERSION:v1" 
-H "X-IDAAS-SERVICEDOMAIN: Default"

Comments

The attribute value must be a string representation of the target Service Domain, for example MyMobileServiceDomain.


X-IDAAS-REST-AUTHORIZATION

Use to specify an application credential in the HTTP request header.

Use the following format:

-H "X-IDAAS-REST-AUTHORIZATION: <AuthenticationScheme-Name> <Credential Value>"

where AuthenticationScheme-Name is one of the following:

  • HTTP Basic

  • UIDPassword

  • Token

Where to use This Attribute

  • HTTP header

Attribute Type

  • Request only

Sample cURL Commands

-H "X-IDAAS-REST-AUTHORIZATION: Token eyJhbG56I4OTg5OTk3M...fW1VGmunfzqZ-bG4rM" 

-H "X-IDAAS-REST-AUTHORIZATION: Basic fn49xkOVXunF%2B5zMQUiGUlwTXPYiKw"

-H "X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred=\"Tp8aUEeptClBz6h9cH8F%2Fwk976\"" 

Sample Request

curl -i -H "Content-Type: application/json" --request POST
http://host.us.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"sampleuser",
     "X-Idaas-Rest-Subject-Password":"password123",
     "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}'
-H "X-IDAAS-REST-VERSION:v1" 
-H "X-IDAAS-SERVICEDOMAIN: Default"
-H "X-IDAAS-REST-AUTHORIZATION: Token eyJhbGciOiJSUzUxMiIsInR5cSldUQXV0aGVudGljYXR
CI6IkpXVCIsImtpZCI6Im9yYWtleSJ9.eyJleHAiOjEzMzg4OTg5OTk3MzIsIzZXJ2ZXIxIiwiaXNzIjoi
joiY2I2MWU5YTQtZjJmYS00ZDQzLWFlOTYtZWQ5MjZlMGQ2NDZlIiwib3JhY2xlLm9pYy50b2tlbi50eXB
lIjoiQ0xJRU5UVE9LRU4iLCJpYXQiOjEzMzg4OTUzOTk3MzIsIm9yYWNsZS5vaWMudG9rZW4udXNlcl9kb
iI6InVpZD1wcm9maWxlaWQxLG91PXBlb3BsZSxvdT1teXJlYWxtLGRjPWJhc2VfZG9tYWsZSxvdT1teXJl
YWxtLGRjPWJhc2VfZG9tYWluIn0.kN17W0N3GEmdccm7GoUOT4iP23yWb6LloleOJ0grZkeiijXE-t8Kfy
N6Jq1m8EKzdYgiKFwdb-SO9MpOVMyPgxSRER9mn_3kkcKNagl7yIgu0EJUOS3Hudy2Suv0Th5b6fDgXLIY
LkBA0cC1WlP5RgW1VGmuBX7RnfzqZ-bG4rMiLCJwcm4iOiJwcm9maWxlaWQxIiwianRpI" 

Comments

The client application must send a security credential using the X-IDAAS-REST-AUTHORIZATION header if you select the Secured Application option for either User Profile Services or Authorization Services on the Service Domain Configuration "Service Protection" tab. The server accepts credentials sent using any of the three valid security schemes (HTTP Basic, UIDPassword, or Token).


AUTHORIZATION

Use to specify a user credential in the HTTP request header. Use the AUTHORIZATION header if a User Token is required and you are using either the JWTAuthentication or the OAMAuthentication token format. The User Token value has to be the User token issued by the authentication Service Provider.

Use the following format:

-H "AUTHORIZATION:<User Token Value>"

Where to use This Attribute

  • HTTP header

Attribute Type

  • Request only

Sample cURL Command

-H "AUTHORIZATION:eyJhbGciOiJSUzUxMiIsInR5cmtpZCI6Im9g5OTk3M...sW1VGmunfzqZ-bG4rM" 

Sample Request

curl -i --request GET 
"http://host.us.example.com:14100/oic_rest/rest/userprofile/people/weblogic/"
-H 
"AUTHORIZATION:eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6Im9yYWtleSJ9.eyJleHi
EzMzg4OTk3MTMxMzcsImF1ZCI6Im9hbV9zZXJ2ZXIxIiwiaXNzIjoiSldUQXV0aGVudGljYXRpb24iLCJw
cm4iOiJ3ZWJsb2dpYyIsImp0aSI6IjNlMjdiZjc4LTg3NDQtNDFkMS05MzlmLTlkZGY0N2VkNGFlNyIsIm
YWNsZS5vaWMudG9rZW4udHlwZSI6IlVTRVJUT0tFTiIsImlhdCI6MTMzODg5NjExMzEzNywib3JhY2xlLm
9pYy50b2tlbi51c2VyX2RuIjoidWlkPXdlYmxvZ2ljLG91PXBlb3BsZSxvdT1teXJlYWxtLGRjPWJhc2V6
ZG9tYWluIn0.hHmAa5Syw3AcqRPwIq_XLx6DcMzCBzvDXGFYvwAf9nqVgxgvLTJJfxZzofS5Ut272b0dFG
sv3qakeDm2NTgg6fR2YKH5BxAHnEmq0IAmhLuyWdux_rMZNB-wP8h5JD26UQf_nnBBWApvgULeM2mWQEzY
RVDMpN9K7pycNrsGKOj8U"

Comments

The client application must send a security credential using the AUTHORIZATION header if you select the Secured User option for either User Profile Services or Authorization Services on the Service Domain Configuration "Service Protection" tab. The server accepts tokens only.


X-Idaas-Rest-Subject-Type

The type of the subject (either USERCREDENTIAL, UID, UIDASSERTION, or TOKEN).

Where to use This Attribute

  • Query parameter

  • JSON body

Attribute Type

  • Request only

Sample cURL Command

-d '{"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL"}'

-d '{"X-Idaas-Rest-Subject-Type":"UID"}'
-d '{"X-Idaas-Rest-Subject-Type":"UIDASSERTION"}'

Sample Request 1

curl -H "Content-Type: application/json" --request GET
"http://host.us.example.com:14100/oic_rest/rest/jwtauthentication/validate?
X-Idaas-Rest-Subject-Value=eyJhbGciOiJSUzU...I_A0PM&
X-Idaas-Rest-Subject-Type=TOKEN"

Sample Request 2

curl -i -H "Content-Type: application/json" --request POST
http://host.us.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"profileid1",
     "X-Idaas-Rest-Subject-Password":"secret12345",
     "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTTOKEN"}' 

Comments

The attribute value must be one of the following:

  • USERCREDENTIAL

  • UID

  • UIDASSERTION

  • TOKEN


X-Idaas-Rest-Subject-Value

The string value of the subject. Include this attribute when the value of X-Idaas-Rest-Subject-Type is either TOKEN, UID, or UIDASSERTION.

Where to use This Attribute

  • Query parameter

  • JSON body

Attribute Type

  • Request only

Sample cURL Command

Sample Request 1

curl -H "Content-Type: application/json" --request GET
"http://host.example.com:14100/oic_rest/rest/jwtauthentication/validate?
X-Idaas-Rest-Subject-Value=eyJhbGciOiJSUzU...PM&
X-Idaas-Rest-Subject-Type=TOKEN"

Sample Request 2

curl -H "Content-Type: application/json" --request POST 
http://localhost:18001/oic_rest/rest/jwtauthentication/access
-d '{
     "X-Idaas-Rest-Subject-Type":"TOKEN",
     "X-Idaas-Rest-Subject-Value":"vTBI8jN...%3D",
     "X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
     "X-Idaas-Rest-Application-Resource":"http://host.example.com:7779/index.html",
     "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN"}'

X-Idaas-Rest-Subject

Use to supply both the subject type and string value in the header when the subject type is of type TOKEN.

Where to use This Attribute

  • HTTP header

Attribute Type

  • Request only

Sample cURL Command

Sample Request

curl -H "Content-Type: application/json" --request GET
http://host.example.com:14100/oic_rest/rest/jwtauthentication/validate
-H 
"X-Idaas-Rest-Subject: TOKEN eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6Im9yYWtl
eSJ9.eyJleHAiOjEzMzg5MDEzMzUyMjUsImF1ZCI6Im9hbV9zZXJ2ZXIxIiwiaXNzIjoiSldUQXV0aGVu
dGljYXRpb24iLCJwcm4iOiJ3ZWJsb2dpYyIsImp0aSI6ImUzNDZiYjJiLTQyZmYtNGRjMC1hOTZkLWYyY
2U5MjM0NTM0YSIsIm9yYWNsZS5vaWMudG9rZW4udHlwZSI6IlVTRVJUT0tFTiIsImlhdCI6MTMzODg5Nz
czNTIyNSwib3JhY2xlLm9pYy50b2tlbi51c2VyX2RuIjoidWlkPXdlYmxvZ2ljLG91PXBlb3BsZSxvdT1
teXJlYWxtLGRjPWJhc2VfZG9tYWluIn0.GZ3-X4NRGdQ99MB63B5MmPuyE5M2kFwqHMQ97AXwBjYElMep
ZdziTEgDeYLKJuVB83plSGwpfQEDdzlxR3Sy7tRXbfV3EdK1lpbUyUyEEIwAfuu4xtbNERKrPw3pJoPtU
q0TCd0BV2sRdyy1zuSBdU2J6zUjG8rW-PYDWI_A0PM"

X-Idaas-Rest-Subject-Username

Use to supply the user name as a string only if the X-Idaas-Rest-Subject-Type value is USERCREDENTIAL.

Where to use This Attribute

  • JSON body

Attribute Type

  • Request only

Sample cURL Command

Sample Request

curl -i -H "Content-Type: application/json" --request POST
http://host.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"sampleuser",
     "X-Idaas-Rest-Subject-Password":"password123",
     "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}' 


X-Idaas-Rest-Subject-Password

Use to supply the password as a string only if the X-Idaas-Rest-Subject-Type value is USERCREDENTIAL.

Where to use This Attribute

  • JSON body

Attribute Type

  • Request only

Sample cURL Command

Sample Request

curl -i -H "Content-Type: application/json" --request POST
http://host.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"sampleuser",
     "X-Idaas-Rest-Subject-Password":"password123",
     "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}' 

X-Idaas-Rest-New-Token-Type-To-Create

Use to provide the token types to be created. Multiple token types can be specified in a request.

Where to use This Attribute

  • JSON body

Attribute Type

  • Request only

Sample cURL Command

Sample Request

curl -i -H "Content-Type: application/json" --request POST
http://host.example.com:14100/oic_rest/rest/jwtauthentication/authenticate
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"sampleuser",
     "X-Idaas-Rest-Subject-Password":"password123",
     "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}' 

Comments

The attribute value must be one of the following:

  • CLIENTREGHANDLE

  • CLIENTTOKEN

  • USERTOKEN

  • USERTOKEN::OAMMT

  • ACCESSTOKEN
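The subject and token-type rules above can be checked before a request is sent. The following is an added example, not part of the Oracle documentation or SDK: check_token_request and the sample bodies are hypothetical, and it assumes a USERCREDENTIAL subject always carries both user name and password, as in every sample in this chapter.

```python
import json

# Attribute names and allowed values exactly as listed in this chapter.
SUBJECT_TYPE = "X-Idaas-Rest-Subject-Type"
SUBJECT_VALUE = "X-Idaas-Rest-Subject-Value"
USERNAME = "X-Idaas-Rest-Subject-Username"
PASSWORD = "X-Idaas-Rest-Subject-Password"
NEW_TOKEN_TYPE = "X-Idaas-Rest-New-Token-Type-To-Create"
BODY_ATTRIBUTES = (SUBJECT_TYPE, SUBJECT_VALUE, USERNAME, PASSWORD, NEW_TOKEN_TYPE,
                   "X-Idaas-Rest-Application-Context",
                   "X-Idaas-Rest-Application-Resource")
SUBJECT_TYPES = {"USERCREDENTIAL", "UID", "UIDASSERTION", "TOKEN"}
TOKEN_TYPES = {"CLIENTREGHANDLE", "CLIENTTOKEN", "USERTOKEN",
               "USERTOKEN::OAMMT", "ACCESSTOKEN",
               # Not in the list above, but used by the JWT-OAM samples in this chapter.
               "USERTOKEN::OAMUT"}


def _nonempty_str(value):
    return isinstance(value, str) and value != ""


def check_token_request(body_text):
    """Return the problems found in a JSON request body (empty list = none)."""
    try:
        body = json.loads(body_text)
    except ValueError as exc:
        return ["body is not valid JSON: %s" % exc]
    if not isinstance(body, dict):
        return ["body must be a JSON object"]

    problems = []

    # Names are case-sensitive: catch keys that match a reserved name except for case.
    canonical = {name.lower(): name for name in BODY_ATTRIBUTES}
    for key in body:
        expected = canonical.get(key.lower())
        if expected is not None and key != expected:
            problems.append("%r must be written as %r" % (key, expected))

    subject_type = body.get(SUBJECT_TYPE)
    if not isinstance(subject_type, str) or subject_type not in SUBJECT_TYPES:
        problems.append("%s must be one of %s" % (SUBJECT_TYPE, sorted(SUBJECT_TYPES)))
    elif subject_type == "USERCREDENTIAL":
        # Assumption: both credentials are present, as in the chapter's samples.
        for name in (USERNAME, PASSWORD):
            if not _nonempty_str(body.get(name)):
                problems.append("%s is missing for USERCREDENTIAL" % name)
    else:
        # TOKEN, UID and UIDASSERTION carry the subject in Subject-Value.
        if not _nonempty_str(body.get(SUBJECT_VALUE)):
            problems.append("%s is missing for %s" % (SUBJECT_VALUE, subject_type))
        for name in (USERNAME, PASSWORD):
            if name in body:
                problems.append("%s is only for USERCREDENTIAL" % name)

    # One token type as a string, or several as a JSON array.
    if NEW_TOKEN_TYPE in body:
        requested = body[NEW_TOKEN_TYPE]
        for token_type in requested if isinstance(requested, list) else [requested]:
            if not isinstance(token_type, str) or token_type not in TOKEN_TYPES:
                problems.append("unknown token type %r" % (token_type,))
    return problems


if __name__ == "__main__":
    # Constructed sample bodies: one well-formed, two with typical mistakes.
    samples = [
        '{"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",'
        '"X-Idaas-Rest-Subject-Username":"sampleuser",'
        '"X-Idaas-Rest-Subject-Password":"password123",'
        '"X-Idaas-Rest-New-Token-Type-To-Create":["USERTOKEN","USERTOKEN::OAMMT"]}',
        '{"X-IDAAS-REST-SUBJECT-TYPE":"TOKEN","X-Idaas-Rest-Subject-Value":"abc"}',
        '{"X-Idaas-Rest-Subject-Type":"TOKEN","X-Idaas-Rest-Subject-Value":"abc",'
        '"X-Idaas-Rest-Subject-Password":"password123"}',
    ]
    for sample in samples:
        print(check_token_request(sample) or "OK")
```
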


X-Idaas-Rest-Application-Context

Use to specify the application context for which an Access Token is needed. The supplied value must be a string.

Where to use This Attribute

  • JSON body

Attribute Type

  • Request only

Sample cURL Command

Sample Request 1

curl -H "Content-Type: application/json"
--request POST http://localhost:18001/oic_rest/rest/jwtauthentication/access
-d '{
     "X-Idaas-Rest-Subject-Type":"TOKEN",
     "X-Idaas-Rest-Subject-Value":"vTBI8jN8eYIsfAp%2BZqe...Gk5A%3D%3D",
     "X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
     "X-Idaas-Rest-Application-Resource":"http://h5.example.com:7779/index.html",
     "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN"}' 

X-Idaas-Rest-Application-Resource

Use to specify the target resource for which an Access Token is needed. The supplied value must be a string.

Where to use This Attribute

  • JSON body

Attribute Type

  • Request only

Sample cURL Command

Sample Request 1

curl -H "Content-Type: application/json"
--request POST http://localhost:18001/oic_rest/rest/jwtauthentication/access
-d '{
     "X-Idaas-Rest-Subject-Type":"TOKEN",
     "X-Idaas-Rest-Subject-Value":"vTBI8jN8eYIsfAp%2BZqe...5XFSQk5A%3D%3D",
     "X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
     "X-Idaas-Rest-Application-Resource":"http://h5.example.com:7779/index.html",
     "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN"}' 

X-Idaas-Rest-User-Principal

Used to return the principal User.

Where to use This Attribute

  • JSON body

Attribute Type

  • Response only

Sample cURL Command

Sample Response

HTTP/1.1 200 OK
Date: Tue, 05 Jun 2012 11:35:13 GMT
Transfer-Encoding: chunked
Content-Type: application/json
X-IDAAS-REST-VERSION: v1
Set-Cookie: JSESSIONID=TCjjPNnRvL6fvhJpMSjLhHYrFyMKqwcFxTNL1RQzyvkSJ7G2TLj4!1574236250; path=/; HttpOnly
X-ORACLE-DMS-ECID: a393487d2600b00c:-7abb0b83:137b52ee014:-8000-00000000000026f5
X-Powered-By: Servlet/2.5 JSP/2.1

{
"X-Idaas-Rest-Token-Value":"eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6Im9yYWtle
SJ9.eyJleHAiOjEzMzg4OTk3MTMxMzcsImF1ZCI6Im9hbV9zZXJ2ZXIxIiwiaXNzIjoiSldUQXV0aGVud
GljYXRpb24iLCJwcm4iOiJ3ZWJsb2dpYyIsImp0aSI6IjNlMjdiZjc4LTg3NDQtNDFkMS05MzlmLTlkZG
d0N2VkNGFlNyIsIm9yYWNsZS5vaWMudG9rZW4udHlwZSI6IlVTRVJUT0tFTiIsImlhdCI6MTMzODg5NjE
xMzEzNywib3JhY2xlLm9pYy50b2tlbi51c2VyX2RuIjoidWlkPXdlYmxvZ2ljLG91PXBlb3BsZSxvdT1t
eXJlYWxtLGRjPWJhc2VfZG9tYWluIn0.hHmAa5Syw3AcqRPwIqXLx6DcMzCBzvDXGFYvwAf9nqVgxgvLT
JfxZzofS5Ut272b0dFGsv3qakeDm2NTgg6fR2YKH5BxAHnEmq0IAmhLuyWdux_rMZNB-wP8h5JD26UQf
nnBBWApvgULeM2mWQEzYRVDMpN9K7pycNrsGK8U",
"X-Idaas-Rest-User-Principal":"jdoe",
"X-Idaas-Rest-Provider-Type":"JWT",
"X-Idaas-Rest-Token-Type":"USERTOKEN"
} 

X-Idaas-Rest-Provider-Type

Used to return the token provider type. Valid values include OAM_10G, OAM_11G, and JWT.

Where to use This Attribute

  • JSON body

Attribute Type

  • Response

Sample cURL Command

Sample Response

HTTP/1.1 200 OK
Date: Tue, 05 Jun 2012 11:35:13 GMT
Transfer-Encoding: chunked
Content-Type: application/json
X-IDAAS-REST-VERSION: v1
Set-Cookie: JSESSIONID=TCjjPNnRvL6fvhJpMSjLhHYrFyMKqwcFxTNL1RQzyvkSJ7G2TLj4!157423; path=/; HttpOnly
X-ORACLE-DMS-ECID: a393487d2600b00c:-7abb0b83:137b52ee014:-8000-00000000000026f5
X-Powered-By: Servlet/2.5 JSP/2.1

{
"X-Idaas-Rest-Token-Value":"eyJhbGciOiJSUzUxMiIsInR
5cCI6IkpXVCIsImtpZCI6Im9yYWtleSJ9.eyJleHAiOjEzMzg4OTk3MTMxMzcsImF1ZCI6Im9hbV9
zZXJ2ZXIxIiwiaXNzIjoiSldUQXV0aGVudGljYXRpb24iLCJwcm4iOiJ3ZWJsb2dpYyIsImp0aSI6IjN
lMjdiZjc4LTg3NDQtNDFkMS05MzlmLTlkZGY0N2VkNGFlNyIsIm9yYWNsZS5vaWMudG9rZW4
udHlwZSI6IlVTRVJUT0tFTiIsImlhdCI6MTMzODg5NjExMzEzNywib3JhY2xlLm9pYy50b2tlbi51c2
VyX2RuIjoidWlkPXdlYmxvZ2ljLG91PXBlb3BsZSxvdT1teXJlYWxtLGRjPWJhc2VfZG9tYWluIn0.h
HmAa5Syw3AcqRPwIq_XLx6DcMzCBzvDXGFYvwAf9nqVgxgvLTJJfxZzofS5Ut272b0dFGsv3q
akeDm2NTgg6fR2YKH5BxAHnEmq0IAmhLuyWdux_rMZNB-wP8h5JD26UQf_nnBBWApvgULeM
2mWQEzYRVDMpN9K7pycNrsGK8U",
"X-Idaas-Rest-User-Principal":"weblogic",
"X-Idaas-Rest-Provider-Type":"JWT",
"X-Idaas-Rest-Token-Type":"USERTOKEN"
} 

Mobile and Social REST Security Filter Reference

The authorization schemes in this section are used to protect the Mobile and Social REST Services.


Authorize With UIDPASSWORD

Shows how to send the REST call required for UIDPASSWORD authentication.

cURL Command

curl --request GET 
"localhost:18001/idaas_rest/rest/authorizationservice3/authorization?
resource=http://is-x86-05.us.example.com:7779/index.html&
action=GET&X-Idaas-Rest-Subject-Value=
ZNsJcMMM3ow83Zr5D8KqCPnhBGmui4RnBvUXJ5dqC7OfwZIv6FDcYWwfPuHupxN%2B
fs5qN0I6AWIZBX%2F2KQNNQ5bPDN1XqeE8y7OPPoy4znteEfCaRHb7UA1ia1ox%2BW8
5LbknXCLaZ5q%2FN4I0IcXP%2B13FGX9r9LROQ3OZZVNMLhfx3KabZcIVmSHBkK%2F
ARGYEJQv6RO%2FPCMN2YYTJgWxGr20rWeG8NLbzgN%2FPyADxxlPLvkxH2YCVHHH
7bLBfOp3p83IbJ%2FC%2Bm9sCd4YjlSlhsMUXKtvZ1LnJME4UymuR5tXuw2B0Yr25OHxU
bMreIGgRYZXFonmjhAovKhXqIgzpIg%3D%3D&
X-Idaas-Rest-Subject-Type=TOKEN"  
-H "X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred=\"
Tp8aUEeptClBz6A6h9cH8F%2FwcZJvLok976\""
-H "Authorization: gdX4z0leySgt0DiPeItsQfBweYZIfZ2dm7fVypNz%2Bf6pbrzF7P4
AvUzPXIzLf2lL0zHuvNI%2B77OsUESM99U6zQjytC%2FgrAD6O2QdSe2VUNGjjw8Di5ev1
gSI0m5a5VQO9rmGNlB1xndnPYoaX0nDpi3eGAyQNw3PUAbEGYglsDMR1js2jsiXKyexryn
8k1coc3EHGqk%2ByqfEXzfzGjwEB4ipnSGg2c4a9BX2BKjKLoOD0PdNVc2nf6f%2F7T2Ck
hA%2BSFowwE%2BEIzvQ7cVbeRYqco2eYCJhs8GS8Haq9T2dnhIAa4tux9MyxVLRNRtDd
q39HDr5hvUI7OpHQHNUMeRcPQ%3D%3D"

Expected Output

{
"Allowed":"true"
}

Comments

  • In a request, use the X-IDAAS-SERVICEDOMAIN header name to specify a Service Domain value. The X-IDAAS-SERVICEDOMAIN name can be used as a query parameter or a header. If a Service Domain value is not provided, the system will use the "Default" Service Domain.


Authorize With HTTP Basic

Shows how to send the REST call required for HTTP Basic authorization.

cURL Command

curl --request GET 
"localhost:18001/idaas_rest/rest/authorizationservice3/authorization?
resource=http://is-x86-05.us.example.com:7779/index.html
&action=GET&
X-Idaas-Rest-Subject-Value=
ZNsJcMMM3ow83Zr5D8KqCPnhBGmui4RnBvUXJ5dqC7OfwZIv6FDcYWwfPuHupxN%2Bfs5
qN0I6AWIZBX%2F2KQNNQ5bPDN1XqeE8y7OPPoy4znteEfCaRHb7UA1ia1ox%2BW85Lbkn
XCLaZ5q%2FN4I0IcXP%2B13FGX9r9LROQ3OZZVNMLhfx3KabZcIVmSHBkK%2FARGYEJ
Qv6RO%2FPCMN2YYTJgWxGr20rWeG8NLbzgN%2FPyADxxlPLvkxH2YCVHHH7bLBfOp3p
83IbJ%2FC%2Bm9sCd4YjlSlhsMUXKtvZ1LnJME4UymuR5tXuw2B0Yr25OHxUbMreIGgRYZ
XFonmjhAovKhXqIgzpIg%3D%3D&
X-Idaas-Rest-Subject-Type=TOKEN"
-H "X-IDAAS-REST-AUTHORIZATION: Basic Tp8aUEeptClBz6A6h9cH8F%2FwcZJvLok976"
-H "Authorization: TOKEN gdX4z0leySgt0DiPeItsQfBweYZIfZ2dm7fVypNz%2Bf6pbrzF7P4A
vUzPXIzLf2lL0zHuvNI%2B77OsUESM99U6zQjytC%2FgrAD6O2QdSe2VUNGjjw8Di5ev1gS
I0m5a5VQO9rmGNlB1xndnPYoaX0nDpi3eGAyQNw3PUAbEGYglsDMR1js2jsiXKyexryn8k1
coc3EHGqk%2ByqfEXzfzGjwEB4ipnSGg2c4a9BX2BKjKLoOD0PdNVc2nf6f%2F7T2CkhA%2B
SFowwE%2BEIzvQ7cVbeRYqco2eYCJhs8GS8Haq9T2dnhIAa4tux9MyxVLRNRtDdq39HDr5hv
UI7OpHQHNUMeRcPQ%3D%3D"

Expected Output

{
"Allowed":"true"
}

Comments

  • A Service Domain name can be specified as a query parameter or a header using X-IDAAS-SERVICEDOMAIN. Otherwise, Mobile and Social assumes the default Service Domain.

  • HTTP Basic has to be configured for the client, with an encrypted password in the client definition, as shown here:

    <IdaasClient description="OIC Client 1" name="clientid1">
         <authnService>sampletokenservice</authnService>
         <param>
            <name>userId4BasicAuth</name>
            <value>rest_client1</value>
         </param>
         <param>
            <name>sharedSecret4BasicAuth</name>
            <value>9Qo9olLIl5gDwESYR0hOgw==</value>
         </param>
    </IdaasClient>
    

Authorize With an Access Manager Token

Shows how to send the REST call required for Access Manager authorization.

cURL Command

curl --request GET 
"localhost:18001/idaas_rest/rest/authorizationservice3/authorization?
resource=http://is-x86-05.us.example.com:7779/index.html
&action=GET&
X-Idaas-Rest-Subject-Value=ZNsJcMMM3ow83Zr5D8KqCPnhBGmui4RnBvUXJ5dqC7OfwZIv6
FDcYWwfPuHupxN%2Bfs5qN0I6AWIZBX%2F2KQNNQ5bPDN1XqeE8y7OPPoy4znteEfCaRHb
7UA1ia1ox%2BW85LbknXCLaZ5q%2FN4I0IcXP%2B13FGX9r9LROQ3OZZVNMLhfx3KabZcIV
mSHBkK%2FARGYEJQv6RO%2FPCMN2YYTJgWxGr20rWeG8NLbzgN%2FPyADxxlPLvkxH2
YCVHHH7bLBfOp3p83IbJ%2FC%2Bm9sCd4YjlSlhsMUXKtvZ1LnJME4UymuR5tXuw2B0Yr25
OHxUbMreIGgRYZXFonmjhAovKhXqIgzpIg%3D%3D
&X-Idaas-Rest-Subject-Type=TOKEN"
-H "X-IDAAS-REST-AUTHORIZATION: TOKEN Tp8aUEeptClBz6A6h9cH8F%2FwcZJvLok976
c5q0SitrrgSCJ5FQk58KMtUg2FCPLbjZbP2%2B3P5zZPiSCeHwNua%2FBHdIDCOnUYOXNg
4uBKA7t7O4jGRfn49xkOVXunF%2B5zMQUiGUlwTXPYiKwooAknkeHs3HIq6s2if%2FHpuPH
curRa%2BdyfjWfYWTpqPeo%2FzyHHzDH1wF8hM6k6YwJ%2FpxD8avuXogP%2Bp5j2tCZ0
aAhonseNMcKvGTRBoV1shGnotK9gt01nDgc2LWA5oidJgxlcaWDw3%2FXZhvgudkLwl0jxEw
0K%2BzffyeZs0gfUkZJBnsm8qh2KP%2BiCPzT7HPVPF%2FyYCg%3D%3D"
-H "Authorization: TOKEN gdX4z0leySgt0DiPeItsQfBweYZIfZ2dm7fVypNz%2Bf6pbrzF7P4AvU
zPXIzLf2lL0zHuvNI%2B77OsUESM99U6zQjytC%2FgrAD6O2QdSe2VUNGjjw8Di5ev1gSI0m5
a5VQO9rmGNlB1xndnPYoaX0nDpi3eGAyQNw3PUAbEGYglsDMR1js2jsiXKyexryn8k1coc3EH
Gqk%2ByqfEXzfzGjwEB4ipnSGg2c4a9BX2BKjKLoOD0PdNVc2nf6f%2F7T2CkhA%2BSFowwE
%2BEIzvQ7cVbeRYqco2eYCJhs8GS8Haq9T2dnhIAa4tux9MyxVLRNRtDdq39HDr5hvUI7OpHQ
HNUMeRcPQ%3D%3D"

Expected Output

{
"Allowed":"true"
}

Comments

  • A Service Domain name can be specified as a query parameter or a header using X-IDAAS-SERVICEDOMAIN. Otherwise, Mobile and Social assumes the default Service Domain.

  • Note that the token value in the query param is URL-encoded, but the same value in the header is not.

  • The Application Profile has to be defined with a unique name that cannot be applied to any other authentication service. For example:

    <ApplicationProfile description="OIC Client 5" name="profileid3">
    </ApplicationProfile>
    

Mobile Services REST Reference: Authentication and Authorization

The cURL commands in this section show the REST calls used to request security tokens from the Mobile and Social server. Some REST calls use the POST method, whereas others use GET.


Authentication for a Client Token

Shows how to send the REST call to request a client token.

cURL Command

curl -H "Content-Type: application/json" --request POST 
http://localhost:18001/idaas_rest/rest/tokenservice1/tokens
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"client1",
     "X-Idaas-Rest-Subject-Password":"secret12",
     "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTTOKEN"}'

Expected Output

{"X-Idaas-Rest-Token-Value":"kubExOtDjCtL5Q0R1QhAgL5zNVmDFYKG1Y0AUe+P9HKvnz4gIDVx
YIMNxxyfJJpmkT5XtYKkDgW295juWEcK7c7LmPBkxE6MytcfvKh4HzWIUGEgS2uKej3PQJG49RpZ6UxAP
ZbGYWj7fpjZoqBhtPiCtyacI0C22bl2/DbbRCVx4341z68j5YiTgOklGC6lIucSorlM7pBI54bxygFZsr
F1DVKxL+RNhrobYsN6I7fFLR4fL+iO/BZcbwM/4SNDuCIC82eOxPI/mTcRraz0cLw9tcLbw7c11MjC2eu
EBSGUjGcNmxpbhiJIt7SIBzJczzNsaBnH+2fKx/VTeVVvGQgGAf19e5b1Drj5QyNhj2I=",
"X-Idaas-Rest-Token-Type":"CLIENTTOKEN",
"X-Idaas-Rest-User-Principal":"client-1",
"X-Idaas-Rest-Provider-Type":"OAM_11G"}

Comments

  • A Service Domain name can be specified as a query parameter or a header using X-IDAAS-SERVICEDOMAIN. Otherwise, Mobile and Social assumes the default Service Domain.


Authentication for a User Token

Shows how to send a REST call requesting a User token.

cURL Command

curl -H "Content-Type: application/json"
--request POST http://localhost:18001/idaas_rest/rest/tokenservice1/tokens
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"tester1",
     "X-Idaas-Rest-Subject-Password":"secret12",
     "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN"}'

Expected Output

{"X-Idaas-Rest-Token-Value":"adc3bfbExOtDjCtL5Q0R1QhAgL5zNVmDFYKG1Y0AUe+P9HKvnz4g
IDVxYIMNxxyfJJpmkT5XtYKkDgW295juWEcK7c7LmPBkxE6MytcfvKh4HzWIUGEgS2uKej3PQJG49RpZ6
UxAPZbGYWj7fpjZoqBhtPiCtyacI0C22bl2/DbbRCVx4341z68j5YiTgOklGC6lIucSorlM7pBI54bxyg
FZsrF1DVKxL+RNhrobYsN6I7fFLR4fL+iO/BZcbwM/4SNDuCIC82eOxPI/mTcRraz0cLw9tcLbw7c11Mj
C2euEBSGUjGcNmxpbhiJIt7SIBzJczzNsaBnH+2fKx/VTeVVvGQgGAf19e5b1Drj5QyNhj2I=",
"X-Idaas-Rest-Token-Type":"USERTOKEN",
"X-Idaas-Rest-User-Principal":"user-1",
"X-Idaas-Rest-Provider-Type":"OAM_11G"}

Comments

  • A Service Domain name can be specified as a query parameter or a header using X-IDAAS-SERVICEDOMAIN. Otherwise, Mobile and Social assumes the default Service Domain.


Authentication for an Access Token

Shows how to send a REST call requesting an access token.

cURL Command

curl -H "Content-Type: application/json"
--request POST http://localhost:18001/idaas_rest/rest/tokenservice1/tokens
-d '{
     "X-Idaas-Rest-Subject-Type":"TOKEN",
     "X-Idaas-Rest-Subject-Value":"vTBI8jN8eYsmHCU..5XFSQA%3D%3D",
     "X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
     "X-Idaas-Rest-Application-Resource":"http://wgte2.example.com:779/index.html",
     "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN"}'

Expected Output

{"X-Idaas-Rest-Token-Value":"R1QhAgL5zNVmDFYKG1Y0AUe+P9HKvnz4gIDVxYIMNxxyfJJpmkT5
XtYKkDgW295juWEcK7c7LmPBkxE6MytcfvKh4HzWIUGEgS2uKej3PQJG49RpZ6UxAPZbGYWj7fpjZoqBh
tPiCtyacI0C22bl2/DbbRCVx4341z68j5YiTgOklGC6lIucSorlM7pBI54bxygFZsrF1DVKxL+RNhrobY
sN6I7fFLR4fL+iO/BZcbwM/4SNDuCIC82eOxPI/mTcRraz0cLw9tcLbw7c11MjC2euEBSGUjGcNmxpbhi
JIt7SIBzJczzNsaBnH+2fKx/VTeVVvGQgGAf19e5b1Drj5QyNhj2I=",
"X-Idaas-Rest-Token-Type":"ACCESSTOKEN",
"X-Idaas-Rest-User-Principal":"user-1",
"X-Idaas-Rest-Provider-Type":"OAM_11G"}

Comments

  • A Service Domain name can be specified as a query parameter or a header using X-IDAAS-SERVICEDOMAIN. Otherwise, Mobile and Social assumes the default Service Domain.


Authentication for Multiple Tokens

Shows how to send a REST call requesting multiple tokens, for example a User Token and a Master Token.

cURL Command

curl -i -H
"Content-Type: application/json" 
--request POST http://host12.example.com:1801/idaas_rest/rest/jwtauthentication/authenticate
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"testuser",
     "X-Idaas-Rest-Subject-Password":"userpassword",
     "X-Idaas-Rest-New-Token-Type-To-Create":["USERTOKEN","USERTOKEN::OAMMT"]}'

Expected Output

{"TokensList":
     [
      {
          "X-Idaas-Rest-Token-Value":"eyJhbGciOiJSUzx...GbC7cswpZN1ep8up3E34",
          "X-Idaas-Rest-Token-Type":"USERTOKEN",
          "X-Idaas-Rest-User-Principal":"testuser",
          "X-Idaas-Rest-Provider-Type":"JWT",      
          "handles":
               {"DebugDummyHandleName1":
                 {"expirationTSInSec":1332192041,"value":"DebugDummyHandleValue1"}
               }
      },
      {"X-Idaas-Rest-Token-Type":"USERTOKEN::OAMMT"}
     ]
}

Comments

  • You can specify the Mobile and Social Token Type by using the X-Idaas-Rest-New-Token-Type-To-Create parameter. The value must be one of the following:

    • CLIENTTOKEN

    • USERTOKEN

    • ACCESSTOKEN

    • USERTOKEN::OAMMT

  • If the authentication service provider can issue a Master Token, the client will get two tokens: a User Token and the Master Token.


Get or Validate a (Client) Token

Shows how to send the REST call required to request (get) a client token.

cURL Command

curl 
--request GET http://localhost:18001/idaas_rest/rest/mobilesecret1/tokens/info 
-H "X-Idaas-Rest-Subject: TOKEN someTokenValue"

Expected Output

{"X-Idaas-Rest-Token-Value":"QA8wjxWGSf3VMggfxFFYW4Yrre0DuG7hOagET4yfF3PX
bbUUsgh7uJUOEX5aZAQPsrV90J20gtALfhiUI32gbxooeqppGnQSLnk0ehpN4%2B6%2BCgR2nOMrYzoLi
U7%2FvrnoG7894eUfxHwmvZESQw4w4ez6L%2BOcaHF2tc05F4zkqi6%2BveSL4uFdiaMh9pJ2k%2BXF%2
FWn2Q8IfOWBdk2IzWeFhwi35CzMLJrNiAST%2BdMWhteIKcNEFbvS1WFaYR8Fjzx%2FpuU3%2FdTaG2gX
xDJxE%2BpI2bpanks4fdZwaFmkLCraUfJFdtiGgOk2SIVIwi4UYCBAbM9XZJ5nyjtmxpqEESKJSGQ%3D%
3D",
"X-Idaas-Rest-Token-Type":"USERTOKEN",
"X-Idaas-Rest-User-Principal":"testuser",
"X-Idaas-Rest-Provider-Type":"JWT"
}

Comments

  • A Service Domain name can be specified as a query parameter or a header using X-IDAAS-SERVICEDOMAIN. Otherwise, Mobile and Social assumes the default Service Domain.

  • Note that the token value in the query param is URL-encoded, but the same value in the header is not.


Delete a Token

Shows how to send the REST call required to delete a token.

cURL Command

Sample Request 1

curl -H "Content-Type:application/json" 
--request DELETE
http://localhost:18001/oic_rest/rest/jwtauthentication/tokens/info
-d '{
     "X-Idaas-Rest-Subject-Value":"YHEGjRP5eewNeXeK9v%2F3YBX...tvMJW9p%3D",
     "X-Idaas-Rest-Subject-Type":"TOKEN"}'

Sample Request 2

curl -H "Content-Type: application/json" 
--request DELETE
http://localhost:14100/oic_rest/rest/oamauthentication/tokens
-d '{
     "X-Idaas-Rest-Subject-Value":"jdoe",
     "X-Idaas-Rest-Subject-Type":"UID"}'
-H "Authorization: 01wIWzki0cF0Z...6hwVYV4fZ2CAMSXZHKPKD8="

Expected Output

HTTP Status: 204 No Content

Comments

  • You can use X-Idaas-Rest-Subject-Type to specify either TOKEN or UID. Use X-Idaas-Rest-Subject-Value to specify either the token or UID value.

  • To delete a single token when the subject type is TOKEN, use either the service endpoint ~/tokens/info or ~/delete.

  • To delete all the tokens belonging to the token owner when the subject type is TOKEN, use the service endpoint ~/tokens. Use the -H "AUTHORIZATION:<User Token Value>" header to validate the request.

  • If the subject type is UID, use the service endpoint ~/tokens to delete all the tokens belonging to the UID. Use the -H "AUTHORIZATION:<User Token Value>" header to validate the request.

  • A Service Domain name can be specified as a query parameter or a header using X-IDAAS-SERVICEDOMAIN. Otherwise, Mobile and Social assumes the default Service Domain.

  • Note that the token value in the query param is URL-encoded, but the same value in the header is not.


Authorization

Shows how to send the REST call required to request a client token.

cURL Command

curl --request GET "localhost:18001/idaas_rest/
rest/authorizationservice1/authorization?
resource=http://webgate123.us.example.com:7779/index.html&
action=GET&X-Idaas-Rest-Subject-Value=
ZNsJcMMM3ow83Zr5D8KqCPnhBGmui4RnBvUXJ5dqC7OfwZIv6FDcYWwf
PuHupxN%2Bfs5qN0I6AWIZBX%2F2KQNNQ5bPDN1XqeE8y7OPPoy4znte
EfCaRHb7UA1ia1ox%2BW85LbknXCLaZ5q%2FN4I0IcXP%2B13FGX9r9LR
OQ3OZZVNMLhfx3KabZcIVmSHBkK%2FARGYEJQv6RO%2FPCMN2YYTJ
gWxGr20rWeG8NLbzgN%2FPyADxxlPLvkxH2YCVHHH7bLBfOp3p83IbJ%2
FC%2Bm9sCd4YjlSlhsMUXKtvZ1LnJME4UymuR5tXuw2B0Yr25OHxUbMreI
GgRYZXFonmjhAovKhXqIgzpIg%3D%3D&
X-Idaas-Rest-Subject-Type=TOKEN"

Expected Output

{
"Allowed":"true"
} 

Comments

  • A Service Domain name can be specified as a query parameter or a header using X-IDAAS-SERVICEDOMAIN. Otherwise, Mobile and Social assumes the default Service Domain.

  • Note that the token value in the query param is URL-encoded, but the same value in the header is not.
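The encoding note above matters because token values contain +, / and =, and a token sent as a query parameter also ends up wherever the URL is recorded. The following is an added example, not part of the Oracle documentation: the function names and SAMPLE_TOKEN are constructed for illustration, the URL is the validate endpoint from the samples in this chapter, and standard query-string decoding is assumed on the receiving side.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Validate endpoint as it appears in this chapter's samples.
VALIDATE_URL = "http://host.us.example.com:14100/oic_rest/rest/jwtauthentication/validate"
TOKEN_PARAM = "X-Idaas-Rest-Subject-Value"

# Constructed token-like value (not a real token) containing '+', '/' and '='.
SAMPLE_TOKEN = "kubEx+P9HK/vnz4g+IDVx/YIMNxx=="


def query_form(token, encode=True):
    """GET form: subject value and type travel as query parameters."""
    value = quote(token, safe="") if encode else token
    return "%s?%s=%s&X-Idaas-Rest-Subject-Type=TOKEN" % (VALIDATE_URL, TOKEN_PARAM, value)


def header_form(token):
    """Header form: X-Idaas-Rest-Subject carries the type and the raw token."""
    return VALIDATE_URL, {"X-Idaas-Rest-Subject": "TOKEN " + token}


def token_after_query_decoding(url):
    """Token value as a standard query-string decoder recovers it."""
    return dict(parse_qsl(urlsplit(url).query))[TOKEN_PARAM]


def redact_for_log(url):
    """Replace the token value before the URL is written to a log or trace."""
    parts = urlsplit(url)
    pairs = [(name, "REDACTED" if name == TOKEN_PARAM else value)
             for name, value in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs, quote_via=quote)))


if __name__ == "__main__":
    encoded = query_form(SAMPLE_TOKEN)
    unencoded = query_form(SAMPLE_TOKEN, encode=False)
    print("encoded URL    :", encoded)
    # Encoded: the decoder returns the original token.
    print("decoded token  :", token_after_query_decoding(encoded))
    # Not encoded: every '+' is read as a space, so the token no longer matches.
    print("without encode :", token_after_query_decoding(unencoded))
    print("header form    :", header_form(SAMPLE_TOKEN)[1])
    print("log-safe URL   :", redact_for_log(encoded))
```
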


Create a JWT User Token

The following call is valid when used with the JWT-OAM Authentication Service Provider.

cURL Command

curl -H "Content-Type: application/json" 
--request POST http://host:port/oic_rest/rest/jwtoamauthentication/authenticate 
-d '{
     "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN",
     "X-Idaas-Rest-Subject-Password":"password555",
     "X-Idaas-Rest-Subject-Username":"webuser1234",
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL"}'

Expected Output

{
"X-Idaas-Rest-Token-Value":"eyJhbGciOiJ...YLSmUkto",
"X-Idaas-Rest-User-Principal":"weblogic",
"X-Idaas-Rest-Token-Type":"USERTOKEN",
"X-Idaas-Rest-Provider-Type":"JWT"}

Create a JWT User Token, OAM User Token, and OAM Master Token

The following calls are valid when used with the JWT-OAM Authentication Service Provider.

cURL Command

JWT-OAM Authentication Service Provider

curl -H "Content-Type: application/json" 
--request POST http://host:port/oic_rest/rest/jwtoamauthentication/authenticate 
-d '{
     "X-Idaas-Rest-New-Token-Type-To-Create":["USERTOKEN","USERTOKEN::OAMMT",
"USERTOKEN::OAMUT"],
     "X-Idaas-Rest-Subject-Password":"password555",
     "X-Idaas-Rest-Subject-Username":"webuser1234",
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL"}'

Mobile JWT-OAM Authentication Service Provider

curl -H "Content-Type: application/json" 
--request 
POST http://host:port/oic_rest/rest/mobilejwtoamauthentication/authenticate
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain' 
-H 'X-Idaas-Rest-Authorization: UIDPASSWORD cred="T0lDU1NPQ...WZHQ0RnPQ=="' 
-d '{
     "X-Idaas-Rest-New-Token-Type-To-Create":["USERTOKEN","USERTOKEN::OAMUT",
"USERTOKEN::OAMMT"],
     "X-Idaas-Rest-Subject-Password":"password555",
     "deviceProfile":
           {
            "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
            "hardwareIds":
                {
                 "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
                 "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
                 "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
                 "oracle:idm:claims:client:imei":"010113006310121"
                },
           "oracle:idm:claims:client:jailbroken":false,
           "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
           "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
           "oracle:idm:claims:client:vpnenabled":false,
           "oracle:idm:claims:client:ostype":"iPhone OS",
           "oracle:idm:claims:client:phonecarriername":"AT&T",
           "oracle:idm:claims:client:locale":"EN-US",
           "oracle:idm:claims:client:osversion":"4.0"
           },
     "X-Idaas-Rest-Subject-Username":"weblogic",
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL"}'

Expected Output

JWT-OAM Authentication Service Provider

{
"TokensList":[
     {
      "X-Idaas-Rest-Token-Value":"eyJhbGciOiJSUz...FfxrkN9xM",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN",
      "X-Idaas-Rest-Provider-Type":"JWT"
     },
     {
      "X-Idaas-Rest-Token-Value":"cL9fR2ASSB...iTaNs8c=",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN::OAMMT",
      "X-Idaas-Rest-Provider-Type":"OAM_11G"
     },
     {
      "X-Idaas-Rest-Token-Value":"VERSION_4%7EAn29pwsWv...ZMwLw%3D%3D",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN::OAMUT",
      "X-Idaas-Rest-Provider-Type":"OAM_11G"
     }]
}

Mobile JWT OAM Authentication Service Provider

{
"TokensList":[
     {
      "X-Idaas-Rest-Token-Value":"eyJhbGciOiJ...lxizU",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN",
      "X-Idaas-Rest-Provider-Type":"JWT"
     },
     {
      "X-Idaas-Rest-Token-Value":"0fY4apw0Cfw...+edij0M=",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN::OAMUT",
      "X-Idaas-Rest-Provider-Type":"OAM_11G"
     },
     {
      "X-Idaas-Rest-Token-Value":"VERSION_4%7EBSTnEU5eDhsK%2FS%...mt5j4w%3D%3D",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN::OAMMT",
      "X-Idaas-Rest-Provider-Type":"OAM_11G"
     }]
}

Exchanging a JWT Token for OAM Tokens

The following calls are valid when used with the JWT-OAM Authentication Service Provider.

The token exchange input here is a JWT User Token and the token exchange output is an OAM User Token and an OAM Master Token.

cURL Command

JWT-OAM Authentication Service Provider

curl -H "Content-Type: application/json" 
--request POST http://host:port/oic_rest/rest/jwtoamauthentication/authenticate 
-d '{
     "X-Idaas-Rest-New-Token-Type-To-Create":["USERTOKEN","USERTOKEN::OAMUT",
"USERTOKEN::OAMMT"],
     "X-Idaas-Rest-Subject-Value":"<JWT USER TOKEN>",
     "X-Idaas-Rest-Subject-Type":"TOKEN"}'

Mobile JWT-OAM Authentication Service Provider

curl -H "Content-Type: application/json" 
--request POST http://host:port/oic_rest/rest/mobilejwtoamauthentication/authenticate 
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain' 
-H 'X-Idaas-Rest-Authorization: UIDPASSWORD cred="<BASE 64 Encoding Client ID : CRH>"' 
-d '{
     "X-Idaas-Rest-New-Token-Type-To-Create":["USERTOKEN","USERTOKEN::OAMUT",
"USERTOKEN::OAMMT"],
     "deviceProfile":
          {
           "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
           "hardwareIds":
                {
                 "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
                 "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
                 "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
                 "oracle:idm:claims:client:imei":"010113006310121"
                },
           "oracle:idm:claims:client:jailbroken":false,
           "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
           "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
           "oracle:idm:claims:client:vpnenabled":false,
           "oracle:idm:claims:client:ostype":"iPhone OS",
           "oracle:idm:claims:client:phonecarriername":"AT&T",
           "oracle:idm:claims:client:locale":"EN-US",
           "oracle:idm:claims:client:osversion":"4.0"
          },
     "X-Idaas-Rest-Subject-Value":"<JWT USERTOKEN>",
     "X-Idaas-Rest-Subject-Type":"TOKEN"}'

Expected Output

JWT-OAM Authentication Service Provider

{
 "TokensList":[
     {
      "X-Idaas-Rest-Token-Value":"eyJhbGciOiJSU...o6JOao3s",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN",
      "X-Idaas-Rest-Provider-Type":"JWT"
     },
     {
      "X-Idaas-Rest-Token-Value":"ipZ45ey55BAkb...G0tuDGyfdY=",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN::OAMUT",
      "X-Idaas-Rest-Provider-Type":"OAM_11G"
     },
     {
      "X-Idaas-Rest-Token-Value":"VERSION_4%7ESTFLB3gGSZrdy6...2SbdLQ%3D%3D",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN::OAMMT",
      "X-Idaas-Rest-Provider-Type":"OAM_11G"
     }]
}

Mobile JWT OAM Authentication Service Provider

{
 "TokensList":[
     {
      "X-Idaas-Rest-Token-Value":"eyJhbGciOiJ...-mVLKLtpONChYs",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN",
      "X-Idaas-Rest-Provider-Type":"JWT"
     },
     {
      "X-Idaas-Rest-Token-Value":"BsL1V2s...nbGXUF4nPfHFPqs=",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN::OAMUT",
      "X-Idaas-Rest-Provider-Type":"OAM_11G"
     },
     {
      "X-Idaas-Rest-Token-Value":"VERSION_4%7E3Bbc0YHd4upKZfjt3...M6ZORc3Q%3D%3D",
      "X-Idaas-Rest-User-Principal":"weblogic",
      "X-Idaas-Rest-Token-Type":"USERTOKEN::OAMMT",
      "X-Idaas-Rest-Provider-Type":"OAM_11G"
     }]
}

Create an OAM Access Token Using an OAM User Token

The following calls are valid when used with the JWT-OAM Authentication Service Provider.

cURL Command

JWT-OAM Authentication Service Provider

curl -H "Content-Type: application/json" 
--request POST http://host:port/oic_rest/rest/jwtoamauthentication/access 
-d '{
     "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN",
     "X-Idaas-Rest-Application-Resource":"http:\/\/a6.example.com:7777\/idx.html",
     "X-Idaas-Rest-Subject-Value":"<OAM USER TOKEN>",
     "X-Idaas-Rest-Application-Context":"encquery%3DA1%2BnxGqYJxtmcteKYUux%2F7%2FV
aRBrBVRByRl81YM89Rv1940CTWlcddShowo2r516MLCa%2BHcPjgGNDeGVSagzGmV84GKybdiFtzrwd8ms
i9nRr4ijlW7%2BznCmb6C5xYiEXg6RBpI1Eud9Ce2VjNyrYY%2F3Ig7ntdhbF1NbznmV%2BwGf9S6ogxKR
abbKl2yOD5NO%2FC7NkmJOoDSisQb9IR9DnUxm1uBfHkKpE34RAyvpqg4xeGx2r%2Fuo0F0upeZ8KbsT%2
FugszrOdPR0S5O9%2BbPzV%2BNfzuFH25M0qriKbVj9EixNb0gzSEf2bCBmP9tXbWXDdG%20agentid%3D
adc2171186_11gwebgateprofile%20ver%3D1",
     "X-Idaas-Rest-Subject-Type":"TOKEN"}'

Mobile JWT-OAM Authentication Service Provider

curl -H "Content-Type: application/json" 
--request POST http://host:port/oic_rest/rest/mobilejwtoamauthentication/access 
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain' 
-H 'X-Idaas-Rest-Authorization: UIDPASSWORD cred="BASE 64 Encoding (ClientID:CRH)"' 
-d '{
     "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN",
     "X-Idaas-Rest-Application-Resource":"http:\/\/6.example.com:7777\/idx.html",
     "X-Idaas-Rest-Subject-Value":"<OAM USER TOKEN>",
     "X-Idaas-Rest-Application-Context":"encquery%3DNgSQHsqHQeDgTwiOnZCqB3io74D2c
VJjuw0lf1LhvS%2F1L29aOBFehYXHFB%2Bhfd4XNHt21pqFLC5HdA%2Fi0ScENG3Tq7YK3Uv2yde1tCec
ojHmryb8zpTriUex3kYg83VRzg1gBmIJnTVpiCVgaVlBhe3mKE7liqYcJXmsXFudsjUn%2FcUuXuWdWXP
Qzi1d3WJ3lwdq0DPRnXUFGg%2BzsO%2BarKcreIg3BmGsmxZE7lLL6b9Wf9jbhOwlk1wsq2nqdFPDDS3O
Yz3T9o9ZtsO1xnKuHsLwoMaNtM%2FSIjxpcmrntyQw2w7i8NWxnVP7w1RJDvu7%20agentid%3Dadc217
1186_11gwebgateprofile%20ver%3D1",
     "deviceProfile":
      {
       "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
       "hardwareIds":
           {
            "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
            "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
            "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
            "oracle:idm:claims:client:imei":"010113006310121"
           },
       "oracle:idm:claims:client:jailbroken":false,
       "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
       "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
       "oracle:idm:claims:client:vpnenabled":false,
       "oracle:idm:claims:client:ostype":"iPhone OS",
       "oracle:idm:claims:client:phonecarriername":"AT&T",
       "oracle:idm:claims:client:locale":"EN-US",
       "oracle:idm:claims:client:osversion":"4.0"
      },     
     "X-Idaas-Rest-Subject-Type":"TOKEN"}'

Expected Output

JWT-OAM Authentication Service Provider

{
 "X-Idaas-Rest-Token-Value":"lroMQ%2Bwj7Ji4daRdXfGb8%2FG...AzWPTM%3D",
 "X-Idaas-Rest-User-Principal":"weblogic",
 "X-Idaas-Rest-Token-Type":"ACCESSTOKEN",
 "X-Idaas-Rest-Provider-Type":"OAM_11G"
}

Mobile JWT OAM Authentication Service Provider

{
 "X-Idaas-Rest-Token-Value":"xGhOiD%2FLVrnyU...nYgo%3D",
 "X-Idaas-Rest-User-Principal":"weblogic",
 "X-Idaas-Rest-Token-Type":"ACCESSTOKEN",
 "X-Idaas-Rest-Provider-Type":"OAM_11G"
}

Validate a JWT USER TOKEN

The following calls are valid when used with the JWT-OAM Authentication Service Provider.

cURL Command

JWT-OAM Authentication Service Provider

curl -i --request GET 
"http://host:port/oic_rest/rest/jwtoamauthentication/tokens/info?X-Idaas-Rest-
Subject-Value=<JWT USER TOKEN>&X-Idaas-Rest-Subject-Type=TOKEN"

Mobile JWT-OAM Authentication Service Provider

curl -i --request GET 
"http://host:port/oic_rest/rest/mobilejwtoamauthentication/tokens/info?X-Idaas-Rest-Subject-Value=<JWT
USER TOKEN>&X-Idaas-Rest-Subject-Type=TOKEN" 
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain' 
-H 'X-Idaas-Rest-Authorization: UIDPASSWORD 
cred=" BASE 64 Encoding(CLIENTID:CRH) "' 

Expected Output

JWT-OAM Authentication Service Provider

{
"X-Idaas-Rest-Token-Value":"eyJhbGciO...fsOn3BIo6JOao3s",
"X-Idaas-Rest-User-Principal":"weblogic",
"X-Idaas-Rest-Token-Type":"USERTOKEN",
"X-Idaas-Rest-Provider-Type":"JWT"}

Mobile JWT OAM Authentication Service Provider

{
"X-Idaas-Rest-Token-Value":"eyJhbGci....mVLKLtpONChYs",
"X-Idaas-Rest-User-Principal":"weblogic",
"X-Idaas-Rest-Token-Type":"USERTOKEN",
"X-Idaas-Rest-Provider-Type":"JWT"}

Validate an OAM USER TOKEN

The following calls are valid when used with the JWT-OAM Authentication Service Provider.

cURL Command

JWT-OAM Authentication Service Provider

curl -i --request GET 
"http://host:port/oic_rest/rest/jwtoamauthentication/tokens/info?X-Idaas-Rest-
Subject-Value=<OAM USER TOKEN>&X-Idaas-Rest-Subject-Type=TOKEN"

Mobile JWT-OAM Authentication Service Provider

curl -i --request GET 
"http://host:port/oic_rest/rest/mobilejwtoamauthentication/tokens/info?X-Idaas-Rest-
Subject-Value=<OAM USER TOKEN>&X-Idaas-Rest-Subject-Type=TOKEN" 
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain' 
-H 'X-Idaas-Rest-Authorization: UIDPASSWORD cred=" BASE 64 Encoding(CLIENTID:CRH) "' 

Expected Output

JWT-OAM Authentication Service Provider

{
"X-Idaas-Rest-Token-Value":"ipZ45ey55BAk...NqM3YsycmdG0tuDGyfdY=",
"X-Idaas-Rest-User-Principal":"weblogic",
"X-Idaas-Rest-Token-Type":"USERTOKEN",
"X-Idaas-Rest-Provider-Type":"OAM_11G"}

Mobile JWT OAM Authentication Service Provider

{
"X-Idaas-Rest-Token-Value":"8C2wieU9h7VfQM...UmubmxvJ+SpL5fLZYpbU=",
"X-Idaas-Rest-User-Principal":"weblogic",
"X-Idaas-Rest-Token-Type":"USERTOKEN",
"X-Idaas-Rest-Provider-Type":"OAM_11G"}

Delete an OAM USER TOKEN

The following calls are valid when used with the JWT-OAM Authentication Service Provider.

cURL Command

curl -H "Content-Type: application/json" 
--request DELETE "http://host:port/oic_rest/rest/jwtoamauthentication/tokens/info"
-d '{
     "X-Idaas-Rest-Subject-Value":"<OAM USER TOKEN>",
     "X-Idaas-Rest-Subject-Type":"TOKEN"}'

Expected Output

HTTP Response 204

Mobile Services REST Reference: Commands for Mobile Single Sign-on Tokens

The cURL commands in this section show the REST calls that the mobile single sign-on agent sends to the Mobile and Social server to request client, user, and access tokens, and to create client registration handles.

The following calls are demonstrated:


Create a Client Registration Handle for a Mobile Single Sign-on Agent App

Shows how to create a client registration handle for a mobile single sign-on (SSO) agent app based on a user name and password. In this example, the mobile single sign-on agent app is named MobileAgent1.

cURL Command

curl -H "Content-Type: application/json" --request POST
http://localhost:18001/idaas_rest/rest/mobilejwtauthentication/register 
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"theUserName",
     "X-Idaas-Rest-Subject-Password":"thePassword",
     "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE", 
     "deviceProfile" : { ... }, 
     "clientId": "MobileAgent1" }' 

Expected Output

{
"X-Idaas-Rest-Token-Value":"eyJ0b2tl...",
"X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE", 
handles : 
     { 
      "oaam.session" : { ... } , 
      "oaam.device" : { ... } 
     } 
}

Comments

  • The value of CLIENTREGHANDLE is shortened for display purposes.

  • The user name and password ("theUserName" and "thePassword" in this example) are a security credential that signifies an authenticated user authorized for such a device.


Create a Client Registration Handle for a Mobile Single Sign-on Client App (User Name Scenario)

This example shows how the mobile single sign-on agent creates a client registration handle for a mobile business app (the client app) utilizing a user name and password. In this example, the request originated with the mobile business app, which is named MobileExpenseReport1.

cURL Command

curl -H "Content-Type: application/json" --request POST
http://localhost:18001/idaas_rest/rest/mobilejwtauthentication/register 
-H "X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD ..." 
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"theUserName",
     "X-Idaas-Rest-Subject-Password":"thePassword",
     "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE", 
     "deviceProfile" : { ... }, 
     "handles" : { 
                "oaam.session" : "...", 
                "oaam.device" : "..." 
               }, 
     "clientId": "MobileExpenseReport1" } '

Expected Output

{
"X-Idaas-Rest-Token-Value":"ey...",
"X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE", 
handles : { 
           "oaam.session" : { ... } , 
           "oaam.device" : { ... } 
          } 
}

Comments

  • The value of CLIENTREGHANDLE and other tokens is shortened for display purposes.

  • If the clientId is not a mobile SSO agent (for example, MobileExpenseReport1), then the caller needs to add a header to the HTTP request that contains the client reg handle obtained previously for a Mobile Agent, for example -H "X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD...."


Create a Client Registration Handle for a Mobile Single Sign-on Client App (User Token Scenario)

This example is similar to the previous example. Instead of a user name and password, however, a user token is submitted. The user token is a security credential that signifies that an authenticated user authorized the device. As with the previous example, the request originated with the mobile business app, which is named MobileExpenseReport1.

cURL Command

curl -H "Content-Type: application/json" --request POST
http://localhost:18001/idaas_rest/rest/mobilejwtauthentication/register 
-H "X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD ..." 
-d '{
     "X-Idaas-Rest-Subject-Type":"TOKEN", 
     "X-Idaas-Rest-Subject-Value":"ey...",
     "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE", 
     "deviceProfile" : { ... }, 
     "handles" : { 
                "oaam.session" : "...", 
                "oaam.device" : "..." 
               }, 
     "clientId": "MobileExpenseReport1" } '

Expected Output

{
"X-Idaas-Rest-Token-Value":"ey...",
"X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE", 
handles : { 
           "oaam.session" : { ... } , 
           "oaam.device" : { ... } 
          } 
}

Comments

  • The value of CLIENTREGHANDLE and other tokens is shortened for display purposes.

  • When registering the client application, the user token can only represent a user registration if the Mobile.reauthnForRegNewClientApp configuration value is set to false in the corresponding mobile agent client application profile.

  • The HTTP header X-IDAAS-REST-AUTHORIZATION has a UIDPASSWORD scheme value that contains the client reg handle of the mobile agent app (for example, MobileAgent1).


Create a Request for a User Token

This example shows the REST call that the mobile single sign-on agent sends to the Mobile and Social server to request that a user token be created.

cURL Command

curl -H "Content-Type: application/json" --request POST
http://localhost:18001/idaas_rest/rest/mobilejwtauthentication/authenticate 
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="..." ' 
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"theUserName",
     "X-Idaas-Rest-Subject-Password":"thePassword",
     "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN", 
     "handles" : { ... }, 
     "deviceProfile" : { ... } }'

Expected Output

{
"X-Idaas-Rest-Token-Value":"ey...",
"X-Idaas-Rest-Token-Type":"USERTOKEN", 
handles : { 
           "oaam.session" : { ... } , 
           "oaam.device" : { ... } 
          } 
}

Comments

  • Token values are shortened for display purposes.

  • An SSO agent app (MobileAgent1, for example) requests a User token with a user name and password.
    The HTTP header X-IDAAS-REST-AUTHORIZATION has a UIDPASSWORD scheme value that contains the client reg handle of the SSO agent app (MobileAgent1).


Create a Request for an Access Token

This example shows a mobile SSO agent request for an access token on behalf of a mobile business app. The mobile SSO agent is named MobileAgent1, and the business app is named MobileExpenseReport1.

cURL Command

Mobile OAMAuthentication Example

curl -H "Content-Type: application/json" 
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="..." ' 
-H 'X-IDAAS-REST-AGENT-AUTHORIZATION: UIDPASSWORD cred="..." ' 
--request POST 
http://localhost:18001/idaas_rest/rest/mobileoamauthentication/access 
-d '{
     "X-Idaas-Rest-Subject-Type":"TOKEN",
     "X-Idaas-Rest-Subject-Value":"... USER TOKEN VALUE...",
     "X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
     "X-Idaas-Rest-Application-Resource":
     "http://wengate123.us.example.com:7779/index.html",
     "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN",
     "handles" : { ... }, 
     "deviceProfile" : { ... } 
}'

Mobile JWTAuthentication Example

curl -H "Content-Type: application/json" 
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="..." ' 
-H 'X-IDAAS-REST-AGENT-AUTHORIZATION: UIDPASSWORD cred="..." '
--request POST 
http://localhost:18001/idaas_rest/rest/mobilejwtauthentication/access 
-d '{
     "X-Idaas-Rest-Subject-Type":"TOKEN",
     "X-Idaas-Rest-Subject-Value":"... USER TOKEN VALUE ...",
     "X-Idaas-Rest-Application-Resource":"...",
     "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN", 
     "handles" : { ... }, 
     "deviceProfile" : { ... } 
}'

Expected Output

{
"X-Idaas-Rest-Token-Value":"...",
"X-Idaas-Rest-Token-Type":"ACCESSTOKEN", 
handles : {
           "oaam.session" : { ... } , 
           "oaam.device" : { ... } 
          } 
}

Comments

  • This HTTP request carries two headers: The first contains the client registration handle of the SSO Agent app, and the second contains the client registration handle of the Business app.

    The header X-IDAAS-REST-AGENT-AUTHORIZATION contains the client reg handle of the SSO agent app (MobileAgent1).

    The header X-IDAAS-REST-AUTHORIZATION contains the client reg handle of the Business app (MobileExpenseReport1).

  • The Mobile and Social server component (specifically, the Mobile Services component) will verify the validity of both handles. It will ensure both apps are listed in the target service domain. The underlying Token / Authentication Service will vend out an Access Token upon verifying the validity of the User Token Value. In the case of Access Manager, the X-Idaas-Rest-Application-Resource field refers to a resource protected by a particular WebGate. It also has an X-Idaas-Rest-Application-Context field that corresponds to the Access Manager Application Context.

  • Token values are shortened for display purposes.


The Single Sign-on Agent Request to Create an Access Token for its own use

This example shows a mobile SSO agent request for an access token for its own use. The mobile SSO agent requires an access token before it can request tokens on behalf of client apps.

cURL Command

Mobile OAMAuthentication Example

curl -H "Content-Type: application/json" 
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="..." '
--request POST http://localhost:18001/idaas_
rest/rest/mobileoamauthentication/access 
-d '{
     "X-Idaas-Rest-Subject-Type":"TOKEN",
     "X-Idaas-Rest-Subject-Value":"... USER TOKEN VALUE...",
     "X-Idaas-Rest-Application-Context":"75sSbBZZKJiUOAWikZxsKA==",
     "X-Idaas-Rest-Application-Resource":"http://wg12.example.com:7779/index.html",
     "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN", 
     "handles" : { ... }, 
     "deviceProfile" : { ... } 
}'

Mobile JWTAuthentication Example

curl -H "Content-Type: application/json" 
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="..." '
--request POST http://localhost:18001/idaas_
rest/rest/mobilejwtauthentication/access 
-d '{
     "X-Idaas-Rest-Subject-Type":"TOKEN",
     "X-Idaas-Rest-Subject-Value":"... USER TOKEN VALUE ...",
     "X-Idaas-Rest-Application-Resource":"...",
     "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN", 
     "handles" : { ... }, 
     "deviceProfile" : { ... } 
}'

Expected Output

{
"X-Idaas-Rest-Token-Value":"...",
"X-Idaas-Rest-Token-Type":"ACCESSTOKEN", 
handles : { 
           "oaam.session" : { ... } , 
           "oaam.device" : { ... } 
           } 
}

Comments

  • This HTTP request carries ONE header, X-IDAAS-REST-AUTHORIZATION, that contains the client reg handle of the SSO agent app (MobileAgent1).

    There is no X-IDAAS-REST-AGENT-AUTHORIZATION header in this request.

  • The Mobile and Social server component (specifically, the Mobile Services component) will verify the validity of both handles. It will ensure that the MobileAgent1 app is listed in the target service domain and that it is marked as an SSO-capable app (that is, the app is listed with an SSO Priority).

  • Token values are shortened for display purposes.
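How the headers differ between the two access-token requests above (agent on behalf of a business app, and agent for its own use), as an added example that is not part of the Oracle guide. The function names, the sample handles and the clientId:handle layout without spaces (read from the page's "ClientID:CRH" placeholder) are assumptions; the output is curl config-file lines, so the handles are not passed as command-line arguments.

```shell
#!/bin/sh
# Build the UIDPASSWORD credential: base64 of "clientId:clientRegHandle".
# Assumption: no spaces around the colon, as in the page's "ClientID:CRH" placeholder.
uidpassword_cred() {
    case $1 in
        ''|*:*) echo "clientId must be non-empty and contain no ':'" >&2; return 2 ;;
    esac
    # GNU base64 wraps long output, so strip the newlines it inserts.
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Print one curl config-file "header" line; the inner quotes are escaped as \".
header_line() {
    printf 'header = "%s: UIDPASSWORD cred=\\"%s\\""\n' "$1" "$2"
}

# Emit the credential headers for an access-token request.
#   $1/$2 = SSO agent clientId and its client registration handle
#   $3/$4 = business app clientId and handle (omit both when the agent
#           requests a token for its own use)
access_token_headers() {
    agent_id=$1 agent_crh=$2 app_id=${3-} app_crh=${4-}
    if [ -z "$agent_id" ] || [ -z "$agent_crh" ]; then
        echo "agent clientId and handle are required" >&2; return 2
    fi
    # The business app id and handle must be given together or not at all.
    case "${app_id:+x}${app_crh:+y}" in
        ''|xy) ;;
        *) echo "business app clientId and handle must both be set" >&2; return 2 ;;
    esac
    agent_cred=$(uidpassword_cred "$agent_id" "$agent_crh") || return 2
    if [ -n "$app_id" ]; then
        # On behalf of a business app: the app's handle goes in
        # X-IDAAS-REST-AUTHORIZATION, the agent's in X-IDAAS-REST-AGENT-AUTHORIZATION.
        app_cred=$(uidpassword_cred "$app_id" "$app_crh") || return 2
        header_line 'X-IDAAS-REST-AUTHORIZATION' "$app_cred"
        header_line 'X-IDAAS-REST-AGENT-AUTHORIZATION' "$agent_cred"
    else
        # Agent's own token: one header only, carrying the agent's handle.
        header_line 'X-IDAAS-REST-AUTHORIZATION' "$agent_cred"
    fi
}

# Demonstration with constructed handles (not real credentials).
# Typical use: write the lines to a file readable only by the caller, then
#   curl --config headers.cfg -H "Content-Type: application/json" --data @body.json URL
echo "# agent on behalf of MobileExpenseReport1"
access_token_headers MobileAgent1 constructed-agent-handle \
    MobileExpenseReport1 constructed-app-handle
echo "# agent for its own use"
access_token_headers MobileAgent1 constructed-agent-handle
```
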


Verify a Client Reg Handle

This example shows a client reg handle verification request. The Mobile and Social server has token and handle verification logic, so the mobile client does not need to make this verification call.

When the request is sent to the Mobile and Social server to create a User Token or an Access Token, the service verifies the one or two HTTP headers that contain the client reg handles: X-IDAAS-REST-AUTHORIZATION and X-IDAAS-REST-AGENT-AUTHORIZATION.

cURL Command

curl --request 
GET http://localhost:18001/idaas_rest/rest/mobileservice1/tokens/info 
-H "X-Idaas-Rest-Subject: TOKEN ey..." 
-H "X-IDAAS-REST-AUTHORIZATION: TOKEN ey..."

Expected Output

{
"X-Idaas-Rest-Token-Value":"eyJl...",
"X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE"
}

Comments

  • The CLIENTREGHANDLE values are repeated under two different HTTP headers. If an administrator uses an explicit service binding not requiring a Client Token to perform a verify token operation, the second HTTP header can be dropped.

  • The CLIENTREGHANDLE value is shortened for display purposes.

  • Token values are shortened for display purposes.


Mobile Services REST Reference: Commands for User Profile Services

The cURL commands in this section show the REST calls that are sent from a client application to the Mobile and Social server to perform User Profile Services transactions with a connected Directory server.

User Profile cURL commands are grouped into the following sections:


Basic User Operations

Basic user operations commands include the following:

Create a User

Shows how to create a user profile in a remote directory.

cURL Command
curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d
'{"uid":"John","description":"test user","lastname":"Anderson",
"commonname":"John Anderson","firstname":"John"}'

Expected Output
{"uid":"John","guid":"FE1D7BD0590111E1BFDCF77FB8E715D5",
"description":"test user","name":"John","lastname":"Anderson", 
"commonname":"John Anderson","loginid":"John","firstname":"John", 
"uniquename":"FE1D7BD0590111E1BFDCF7FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}

Read a User

Shows how to retrieve a user profile in a remote directory.

cURL Command
curl -i --request GET http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/

Expected Output
{"uid":"John","guid":"FE1D7BD0590111E1BFDCF77FB8E715D5","description":"test user", 
"name":"John","lastname":"Anderson","commonname":"John Anderson","loginid":"John", 
"firstname":"John","uniquename":"FE1D7BD0590111E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}

Update a User

Shows how to update a user profile record in a remote directory.

cURL Command
curl -H "Content-Type: application/json" --request PUT
http://localhost:14100/idaas_rest/rest/userprofile/people/John/ -d
'{"description":"test user1"}'

Expected Output
{"uid":"John","guid":"FE1D7BD0590111E1BFDCF77FB8E715D5", 
"description":"test user1","name":"John","lastname":"Anderson", 
"commonname":"John Anderson","loginid":"John","firstname":"John", 
"uniquename":"FE1D7BD0590111E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}

Delete a User

Shows how to remove a user profile record in a remote directory.

cURL Command
curl -i --request DELETE http://localhost:14100/ 
idaas_rest/rest/userprofile/people/John/

Expected Output

No response.



Basic Group Operations

Basic group operations commands include the following:

Create a Group

Shows how to create a group profile in a remote directory.

cURL Command
curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d
'{"description":"group1 testing","commonname":"group1"}'

Expected Output
{"guid":"2259C6C0592011E1BFDCF77FB8E715D5","description":"group1 testing", 
"name":"group1","commonname":"group1", 
"uniquename":"2259C6C0592011E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1"}

Read a Group

Shows how to retrieve a group profile in a remote directory.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/ 
rest/userprofile/groups/group1/"

Expected Output
{"guid":"2259C6C0592011E1BFDCF77FB8E715D5","description":"group1 testing", 
"name":"group1","commonname":"group1", 
"uniquename":"2259C6C0592011E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1"}

Update a Group

Shows how to update a group profile in a remote directory.

cURL Command
curl -H "Content-Type: application/json" --request PUT
http://localhost:14100/idaas_rest/rest/userprofile/groups/group1/ -d 
'{"description":"group11 testing"}'

Expected Output
{"guid":"2259C6C0592011E1BFDCF77FB8E715D5","description":"group11 testing", 
"name":"group1","commonname":"group1", 
"uniquename":"2259C6C0592011E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1"}

Delete a Group

Shows how to delete a group profile in a remote directory.

cURL Command
curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/groups/group1/"

Expected Output
{"guid":"2259C6C0592011E1BFDCF77FB8E715D5","description":"group11 testing", 
"name":"group1","commonname":"group1", 
"uniquename":"2259C6C0592011E1BFDCF77FB8E715D5", 
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1"}


"memberOf" Relationship Operations

The "members" and "memberOf" logical entity relationships both point to the same "member" attribute in the LDAP "group" entity. Both logical entity relationships can be used to add, delete, read, and search a user with respect to a group.

This section includes the following operations:

Create a "memberOf" Relationship

Shows how to make a user a member of a group.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d
'{"uid":"John","lastname":"Anderson","commonname":"John Anderson","firstname":"John"}'

Create Group "Group1"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d
'{"description":"group1 testing","commonname":"group1"}'

Create a MemberOf Relationship

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/John/memberOf/ -d
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1",
"person-uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}'                          

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1", 
"person-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John\/memberOf\/group1"}

Read a "memberOf" Relationship

Shows how to retrieve a "memberOf" relationship profile for the specified user.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest 
/rest/userprofile/people/John/memberOf/group1/"

Expected Output

Either of the following:

  • HTTP Status 200 (The request has succeeded.)

  • No response.


Delete a "memberOf" Relationship

Shows how to delete a "memberOf" relationship.

cURL Command

Delete the MemberOf Relationship

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/memberOf/group1/" 

Delete User "John"

curl -i --request DELETE http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/ 

Delete the Group "group1"

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/groups/group1"

Expected Output

Either of the following:

  • HTTP Status 200 (The request has succeeded.)

  • No response.



"members" Relationship Operations

The "members" and "memberOf" logical entity relationships both point to the same "member" attribute in the LDAP "group" entity. Both logical entity relationships can be used to add, delete, read, and search a user with respect to a group.

This section includes the following operations:

Create a "members" Relationship

Shows how to assign a user to a group.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d
'{"uid":"John","lastname":"Anderson","commonname":"John Anderson","firstname":"John"}'

Create Group "Group1"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"group1 testing","commonname":"group1"}'

Create a Members Relationship

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/groups/group1/members -d 
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/group1", 
"person-uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}'

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1", 
"person-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/group1\/members\/John"}

Read a "members" Relationship

Shows how to read a "members" relationship.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/group1/members/John"

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1", 
"person-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/group1\/members\/John"}

Delete a "members" Relationship

Shows how to delete a "members" relationship profile.

cURL Command

Delete the Members Relationship

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/group1/members/John/"

Delete User "John"

curl -i --request DELETE http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/ 

Delete Group "Group1"

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/groups/group1/"

Expected Output

HTTP Status 200 (The request has succeeded.)



"manager" Relationship Operations

This section includes the following operations:

Create a "manager" Relationship

Shows how to assign a manager to a user.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"John","lastname":"Anderson","commonname":"John Anderson","firstname":"John"}'

Create User "Alan"

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"Alan","description":"Manager User","lastname":"Doe", 
"commonname":"Alan Doe","firstname":"Alan"}'

Create a Manager Relationship

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/John/manager/ -d 
'{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}'

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John\/manager\/Alan", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Read a "manager" Relationship

Shows how to read a manager relationship profile.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/manager/Alan"

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John\/manager\/Alan", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Delete a "manager" Relationship

Shows how to delete the manager relationship.

cURL Command

Delete the Manager Relationship

curl -i --request DELETE "http://localhost:14100/ 
idaas_rest/rest/userprofile/people/John/manager/Alan"

Delete User "John"

curl -i --request DELETE http://localhost:14100/ 
idaas_rest/rest/userprofile/people/John/ 

Delete User "Alan"

curl -i --request DELETE "http://localhost:14100/ 
idaas_rest/rest/userprofile/people/Alan/"

Expected Output

No response.



"reports" Relationship Operations

This section includes the following operations:

Create a "reports" Relationship

Shows how to create a reports-to relationship.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"John","lastname":"Anderson","commonname":"John Anderson","firstname":"John"}'

Create User "Alan"

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"Alan","description":"Manager User","lastname":"Doe", 
"commonname":"Alan Doe","firstname":"Alan"}'

Create a Reports Relationship

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/Alan/reports/ -d 
'{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}'

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan\/reports\/John", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Read a "reports" Relationship

Shows how to read a reports-to relationship.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/Alan/reports/John"

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan\/reports\/John", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Delete a "reports" Relationship

Shows how to delete a reports-to relationship.

cURL Command

Delete the Reports Relationship

curl -i --request DELETE "http://localhost:14100/idaas_rest/
rest/userprofile/people/Alan/reports/John" 

Delete User "John"

curl -i --request DELETE http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/ 

Delete User "Alan"

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/Alan/"

Expected Output

No response.



"ownerOf" Relationship Operations

This section includes the following operations:

Create an "OwnerOf" Relationship

Shows how to create an ownerOf relationship.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"John","lastname":"Anderson","commonname":"John Anderson","firstname":"John"}'

Create Group "group1"

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"group1 testing","commonname":"group1"}'

Create an "ownerOf" Relationship

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/John/ownerOf/ -d 
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/group1", 
"owner-uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}'

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan\/reports\/John", 
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Read an "OwnerOf" Relationship

Shows how to read an ownerOf relationship.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/
rest/userprofile/people/John/ownerOf/group1"

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1", 
"owner-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John\/ownerOf\/group1"}

Delete an "OwnerOf" Relationship

Shows how to delete an ownerOf relationship.

cURL Command

Delete the "ownerOf" Relationship

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/ownerOf/group1" 

Delete User "John"

curl -i --request DELETE http://localhost:14100/idaas_rest/ 
rest/userprofile/people/John/

Delete Group "group1"

curl -i --request DELETE "http://localhost:14100/idaas_rest/ 
rest/userprofile/groups/group1"

Expected Output

No response.



"personOwner" Relationship Operations

This section includes the following operations:

Create a "personOwner" Relationship

Shows how to create a personOwner relationship.

cURL Command

Create User "John"

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d 
'{"uid":"John","lastname":"Anderson","commonname":"John Anderson","firstname":"John"}'

Create Group "group1"

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"group1 testing","commonname":"group1"}'

Create a "personOwner" Relationship

curl -H "Content-Type: application/json" --request POST 
http://localhost:14100/idaas_rest/rest/userprofile/groups/group1/personOwner -d 
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/group1", 
"owner-uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}' 

Expected Output
{"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/John", 
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan\/reports\/John",
"manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/Alan"}

Read a "personOwner" Relationship

Shows how to read a personOwner relationship.

cURL Command
curl -i --request GET "http://localhost:18001/idaas_rest/
rest/userprofile/groups/group1/personOwner/John"

Expected Output
{"owner-uri":"\/idaas_rest\/rest\/userprofile\/people\/John",
"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1\/personOwner\/John"}

Delete a "personOwner" Relationship

Shows how to delete a personOwner relationship.

cURL Command

Delete the "personOwner" Relationship

curl -i --request DELETE "http://localhost:18001/idaas_rest/
rest/userprofile/groups/group1/personOwner/John"

Delete User "John"

curl -i --request DELETE http://localhost:14100/idaas_rest/
rest/userprofile/people/John/

Delete Group "group1"

curl -i --request DELETE "http://localhost:14100/idaas_rest/
rest/userprofile/groups/group1/"

Expected Output

No response.



"groupOwner" Relationship Operations

This section includes the following operations:

Create a "groupOwner" Relationship

Shows how to create a groupOwner relationship.

cURL Command

Create Group "XYZ"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"XYZ Group","commonname":"XYZ"}'

Create Group "ABC"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"ABC Group","commonname":"ABC"}'

Create a "groupOwner" Relationship

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/XYZ/groupOwner -d
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/XYZ",
"owner-uri":"\/idaas_rest\/rest\/userprofile\/group\/ABC"}'

Expected Output
{"owner-uri":"\/idaas_rest\/rest\/userprofile\/groups\/ABC",
"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ\/groupOwner\/ABC"}

Read a "groupOwner" Relationship

Shows how to read a groupOwner relationship.

cURL Command
curl -i --request GET "http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/groupOwner/ABC"

Expected Output
{"owner-uri":"\/idaas_rest\/rest\/userprofile\/people\/John",
"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/group1\/personOwner\/John"}

Delete a "groupOwner" Relationship

Shows how to delete a groupOwner relationship.

cURL Command

Delete the "groupOwner" Relationship

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/groupOwner/ABC"

Delete Group "XYZ"

curl -i --request DELETE http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/

Delete Group "ABC"

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/ABC/"

Expected Output

No response.



"groupOwnerOf" Relationship Operations

This section includes the following operations:

Create a "groupOwnerOf" Relationship

Shows how to create a groupOwnerOf relationship.

cURL Command

Create Group "XYZ"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"XYZ Group","commonname":"XYZ"}'

Create Group "ABC"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"ABC Group","commonname":"ABC"}'

Create a "groupOwnerOf" Relationship

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ABC/groupOwnerOf -d
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/group\/XYZ",
"owner-uri":"\/idaas_rest\/rest\/userprofile\/group\/ABC"}'

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"owner-uri":"\/idaas_rest\/rest\/userprofile\/groups\/ABC",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/ABC\/groupOwnerOf\/XYZ"}

Read a "groupOwnerOf" Relationship

Shows how to read a groupOwnerOf relationship.

cURL Command
curl -i --request GET "http://localhost:14100/
idaas_rest/rest/userprofile/groups/ABC/groupOwnerOf/XYZ"

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"owner-uri":"\/idaas_rest\/rest\/userprofile\/groups\/ABC",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/ABC\/groupOwnerOf\/XYZ"}

Delete a "groupOwnerOf" Relationship

Shows how to delete a groupOwnerOf relationship.

cURL Command

Delete the "groupOwnerOf" Relationship

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/ABC/groupOwnerOf/XYZ"

Delete Group "XYZ"

curl -i --request DELETE http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/

Delete Group "ABC"

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/ABC/"

Expected Output

No response.



"groupMemberOf" Relationship Operations

This section includes the following operations:

Create a "groupMemberOf" Relationship

Shows how to create a groupMemberOf relationship.

cURL Command

Create Group "XYZ"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"XYZ Group","commonname":"XYZ"}'

Create Group "iCloud"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"iCloud Group","commonname":"iCLOUD"}'

Create a "groupMemberOf" Relationship

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/XYZ/groupMemberOf -d
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ"}'

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ\/groupMemberOf\/iCLOUD"}

Read a "groupMemberOf" Relationship

Shows how to read a groupMemberOf relationship.

cURL Command
curl -i --request GET "http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/groupMemberOf/iCLOUD"

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ\/groupMemberOf\/iCLOUD"}

Delete a "groupMemberOf" Relationship

Shows how to delete a groupMemberOf relationship.

cURL Command

Delete the "groupMemberOf" Relationship

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/groupMemberOf/iCLOUD"

Delete Group "XYZ"

curl -i --request DELETE http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/

Delete Group "iCLOUD"

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/iCLOUD/"

Expected Output

No response.



"groupMembers" Relationship Operations

This section includes the following operations:

Create a "groupMembers" Relationship

Shows how to create a groupMembers relationship.

cURL Command

Create Group "XYZ"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"XYZ Group","commonname":"XYZ"}'

Create Group "iCloud"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/ -d 
'{"description":"iCloud Group","commonname":"iCLOUD"}'

Create a "groupMembers" Relationship

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/groups/iCLOUD/groupMembers -d
'{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ"}'

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD\/groupMembers\/XYZ"}

Read a "groupMembers" Relationship

Shows how to read a groupMembers relationship.

cURL Command
curl -i --request GET "http://localhost:14100/
idaas_rest/rest/userprofile/groups/iCLOUD/groupMembers"

Expected Output
{"group-uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD",
"member-uri":"\/idaas_rest\/rest\/userprofile\/groups\/XYZ",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/iCLOUD\/groupMemberOf\/XYZ"}

Delete a "groupMembers" Relationship

Shows how to delete a groupMembers relationship.

cURL Command

Delete the "groupMembers" Relationship

curl -i --request DELETE "http://localhost:14100/idaas_rest/rest/
userprofile/groups/iCLOUD/groupMembers"

Delete Group "XYZ"

curl -i --request DELETE http://localhost:14100/
idaas_rest/rest/userprofile/groups/XYZ/

Delete Group "iCLOUD"

curl -i --request DELETE "http://localhost:14100/
idaas_rest/rest/userprofile/groups/iCLOUD/"

Expected Output

No response.



Search User Operations

This section includes the following operations:

Search Users

Shows how to get a list of all users.

cURL Command
curl -i --request GET http://localhost:14100/idaas_rest/rest/userprofile/people

Expected Output
{"next":"\/idaas_rest\/rest\/userprofile\/people?pageSize=10&pagePos=1",
"elements":[{"uid":"OracleSystemUser","guid":"E9A3B390581611E19F08FB1E3902A71C",
"description":"Oracle application software system user.",
"name":"OracleSystemUser","lastname":"OracleSystemUser",
"commonname":"OracleSystemUser","loginid":"OracleSystemUser",
"uniquename":"E9A3B390581611E19F08FB1E3902A71C",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/OracleSystemUser"},
{"uid":"weblogic","guid":"E9A4C500581611E19F08FB1E3902A71C",
"description":"This user is the default administrator.","name":"weblogic",
"lastname":"weblogic","commonname":"weblogic","loginid":"weblogic",
"uniquename":"E9A4C500581611E19F08FB1E3902A71C",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic"},
{"uid":"alice","guid":"D8D1907158F511E1BFDCF77FB8E715D5",
"description":"This test user is alice.","name":"alice","lastname":"alice",
"commonname":"alice","loginid":"alice",
"uniquename":"D8D1907158F511E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/alice"},
{"uid":"sean","guid":"D8D5AF2058F511E1BFDCF77FB8E715D5",
"description":"This test user is sean.","name":"sean","lastname":"sean",
"commonname":"sean","loginid":"sean",
"uniquename":"D8D5AF2058F511E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/sean"},
{"uid":"wei","guid":"D8D6245058F511E1BFDCF77FB8E715D5",
"description":"This test user is wei.","name":"wei","lastname":"wei",
"commonname":"wei","loginid":"wei",
"uniquename":"D8D6245058F511E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/wei"},
{"uid":"malla","guid":"D8D64B6058F511E1BFDCF77FB8E715D5",
"description":"This test user is malla.","name":"malla","lastname":"malla",
"commonname":"malla","loginid":"malla",
"uniquename":"D8D64B6058F511E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/malla"},
{"uid":"alan","guid":"D8D6998058F511E1BFDCF77FB8E715D5",
"description":"This test user is alan.","name":"alan","lastname":"alan",
"commonname":"alan","loginid":"alan",
"uniquename":"D8D6998058F511E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/alan"}],
"uri":"\/idaas_rest\/rest\/userprofile\/people?pageSize=10&pagePos=0"}

Search Users With PageSize and PagePos

Shows how to get a list of users while specifying a page size and the page position.

cURL Command
curl -i --request GET "http://localhost:14100/
idaas_rest/rest/userprofile/people?pagePos=0&pageSize=1"

Expected Output
{"next":"\/idaas_rest\/rest\/userprofile\/people?pageSize=1&pagePos=1",
"elements":[{"uid":"OracleSystemUser","guid":"E9A3B390581611E19F08FB1E3902A71C",
"description":"Oracle application software system user.",
"name":"OracleSystemUser","lastname":"OracleSystemUser",
"commonname":"OracleSystemUser","loginid":"OracleSystemUser",
"uniquename":"E9A3B390581611E19F08FB1E3902A71C",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/OracleSystemUser"}],
"uri":"\/idaas_rest\/rest\/userprofile\/people?pageSize=1&pagePos=0"}

Search Users With a Search Parameter and Without a Search Filter

Shows how to get a list of users while specifying a search parameter but not a search filter.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/rest/userprofile/people/
?pagePos=0&pageSize=10&searchparam.name=John*"

Expected Output
{"elements":[{"uid":"John","guid":"E932E4F0590911E1BFDCF77FB8E715D5",
"description":"test user","name":"John","lastname":"Anderson",
"commonname":"John Anderson","loginid":"John","firstname":"John",
"uniquename":"E932E4F0590911E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}],
"uri":"\/idaas_rest\/rest\/userprofile\/people?pageSize=10
&searchparam.name=John+Anderson&pagePos=0"}

Search Users With a Search Filter

Shows how to get a list of users while specifying the default "out-of-the-box" simple AND search filter.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/rest/userprofile/
people?searchFilter=SimpleOR&searchparam.uid=John&searchparam.lastname=TEST"

Expected Output
{"elements":[{
"uid":"John",
"guid":"E932E4F0590911E1BFDCF77FB8E715D5",
"description":"test user",
"name":"John",
"lastname":"Anderson",
"commonname":"John Anderson",
"loginid":"John",
"firstname":"John",
"uniquename":"E932E4F0590911E1BFDCF77FB8E715D5",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/John"}],
"uri":"\/idaas_rest\/rest\/userprofile\/people?pageSize=10
&searchFilter=SimpleOR&searchparam.lastname=TEST&searchparam.uid=John&pagePos=0"}

Search Groups

Shows how to get Group information.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/rest/userprofile/
groups/?pagePos=0&pageSize=2"

Expected Output
{"next":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&pagePos=1",
"elements":[{
"guid":"7CF7EC60724811E1BFB5AB6A1E4E415B",
"description":"AdminChannelUsers can access the admin channel.",
"name":"AdminChannelUsers",
"commonname":"AdminChannelUsers",
"uniquename":"7CF7EC60724811E1BFB5AB6A1E4E415B",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/AdminChannelUsers"},
{"guid":"7CF7EC61724811E1BFB5AB6A1E4E415B",
"description":"Administrators can view and modify all resource attributes and start and stop servers.", 
"name":"Administrators",
"commonname":"Administrators",
"uniquename":"7CF7EC61724811E1BFB5AB6A1E4E415B",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"}],
"uri":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&pagePos=0"}

Search Relationships

Given the name of a person in an organization, allows you to search for the person's manager.

cURL Command
curl -i --request GET "http://localhost:14100/idaas_rest/rest/userprofile/
people/JohnD/manager/?pagePos=0&pageSize=2"

Expected Output
{"elements":[{
"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager\/SusanS",
"manager-uri":{
   "uid":"SusanS",
   "manager":"\/idaas_rest\/rest\/userprofile\/people\/SusanS\/manager",
   "state":"CA",
   "lastname":"Smith",
   "firstname":"Susan",
   "loginid":"SusanS",
   "uniquename":"5B543C30790511E1AF41BD17BAB1A1C1",
   "uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
   "country":"USA",
   "guid":"5B543C30790511E1AF41BD17BAB1A1C1",
   "title":"Sr. Director, Development ",
   "name":"SusanS",
   "commonname":"Susan Smith"}
}],
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager?pageSize=2
&pagePos=0"} 


The "attrsToFetch" Query Parameter Feature

Use the attrsToFetch query parameter to retrieve a specific set of attributes instead of the full set of attributes that the system returns otherwise. To specify multiple attributes use a comma-separated list of attribute names.

For example:

.../people/alice?attrsToFetch=uid,email

The attrsToFetch query parameter can be used with any Search, Read, User, Group, or Relationship operation.

This section includes the following examples:

Read a User With attrsToFetch

This example shows how to retrieve the User's common name only. Without the attrsToFetch parameter, the system would retrieve the full set of User attributes.

cURL Command
curl -i --request GET 
"http://host:10/idaas_rest/rest/userprofile/people/Alice/?attrsToFetch=commonname"

Expected Output With attrsToFetch
{
"commonname":"Alice Mac",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alice"}

Expected Output Without attrsToFetch
{
"uid":"Alice",
"guid":"C04020C078FE11E1AF41BD17BAB1A1C1",
"description":"Alice User",
"name":"Alice",
"lastname":"Mac",
"commonname":"Alice Mac",
"loginid":"Alice",
"firstname":"Alice",
"uniquename":"C04020C078FE11E1AF41BD17BAB1A1C1",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/Alice"}

Search Groups With attrsToFetch

This example shows how to search Groups and retrieve only the name of each Group. Without the attrsToFetch parameter, the system would retrieve every attribute of each Group.

cURL Command
curl -i --request GET 
"http://host:10/idaas_rest/rest/userprofile/groups?pagePos=0&pageSize=2
&attrsToFetch=name"

Expected Output With attrsToFetch
{"next":
"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&attrsToFetch=name&pagePos=1",
"elements":[{
"name":"AdminChannelUsers",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/AdminChannelUsers"},
{
"name":"Administrators",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"
}],
"uri":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&attrsToFetch=name
&pagePos=0"}

Expected Output Without attrsToFetch
{"next":
"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&pagePos=1",
"elements":[{
"guid":"7CF7EC60724811E1BFB5AB6A1E4E415B",
"description":"AdminChannelUsers can access the admin channel.",
"name":"AdminChannelUsers",
"commonname":"AdminChannelUsers",
"uniquename":"7CF7EC60724811E1BFB5AB6A1E4E415B",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/AdminChannelUsers"},
{
"guid":"7CF7EC61724811E1BFB5AB6A1E4E415B",
"description":"Administrators can view and modify all resource attributes and
start and stop servers.",
"name":"Administrators",
"commonname":"Administrators",
"uniquename":"7CF7EC61724811E1BFB5AB6A1E4E415B",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"
}],
"uri":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&pagePos=0"}

Search a Relationship With attrsToFetch

This example shows how to retrieve the name of the Groups that a User is a member of. Without the attrsToFetch parameter, the system would retrieve the full set of Group attributes for each Group.

cURL Command
curl -i --request GET 
"http://host:10/idaas_rest/rest/userprofile/people/weblogic/memberOf?
pagePos=0&pageSize=2&attrsToFetch=name"

Expected Output With attrsToFetch
{"next":
"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf?
pageSize=2&attrsToFetch=name&pagePos=1",
"elements":[
   {
   "group-uri":
     {
      "name":"Administrators",
      "uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"
     },
   "person-uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic",
   "uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf\/
          Administrators"
   },
   {
   "group-uri":
     {
      "name":"OAAMEnvAdminGroup",
      "uri":"\/idaas_rest\/rest\/userprofile\/groups\/OAAMEnvAdminGroup"
     },
   "person-uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic",
   "uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf\/
          OAAMEnvAdminGroup"
}],
"uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf?
pageSize=2&attrsToFetch=name&pagePos=0"}

Expected Output Without attrsToFetch
{"next":
"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf?
pageSize=2&pagePos=1",
"elements":[ 
   {
   "group-uri":
     {
      "guid":"7CF7EC61724811E1BFB5AB6A1E4E415B",
      "description":"Administrators can view and modify all resource attributes
                     and start and stop servers.",
      "name":"Administrators",
     "commonname":"Administrators",
     "uniquename":"7CF7EC61724811E1BFB5AB6A1E4E415B",
     "uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"
     },
   "person-uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic",
   "uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf\/
          Administrators"
   },
   {
   "group-uri":
    {
     "guid":"7CF83A81724811E1BFB5AB6A1E4E415B",
     "description":"EnvAdminGroup",
     "name":"OAAMEnvAdminGroup",
     "commonname":"OAAMEnvAdminGroup",
     "uniquename":"7CF83A81724811E1BFB5AB6A1E4E415B",
     "uri":"\/idaas_rest\/rest\/userprofile\/groups\/OAAMEnvAdminGroup"
     }, 
   "person-uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic",
   "uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf\/
          OAAMEnvAdminGroup"
   }],
"uri":"\/idaas_rest\/rest\/userprofile\/people\/weblogic\/memberOf?
pageSize=2&pagePos=0"}
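
The following added example (not part of Oracle's documentation) shows a client that requests only the attributes it needs with attrsToFetch and follows the "next" link across pages, refusing any link that leaves the User Profile path. The function names, the injected fetch callable, the second sample page and the group name ExampleGroup are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs, urlencode

BASE_PATH = "/idaas_rest/rest/userprofile/"   # prefix used by every call in this chapter


def build_search_url(collection, attrs, page_size=10, page_pos=0):
    """First-page URL for a collection search limited to the named attributes."""
    query = {"pagePos": page_pos, "pageSize": page_size,
             "attrsToFetch": ",".join(attrs)}
    return BASE_PATH + collection + "?" + urlencode(query, safe=",")


def check_next(uri):
    """Accept only a relative 'next' link that stays under the User Profile path."""
    parts = urlsplit(uri)
    if parts.scheme or parts.netloc or not parts.path.startswith(BASE_PATH):
        raise ValueError("refusing to follow next link: %r" % uri)
    if ".." in parts.path.split("/"):
        raise ValueError("path traversal in next link: %r" % uri)
    return uri


def walk(fetch, first_url, attrs, max_pages=100):
    """Follow 'next' until it is absent; return (elements, unexpected attributes).

    fetch(url) returns the response body as text. It is injected so the caller
    decides which host to talk to and how to authenticate.
    """
    allowed = set(attrs) | {"uri"}   # the outputs above always carry "uri"
    elements, unexpected, seen = [], set(), set()
    url = first_url
    for _ in range(max_pages):
        if url in seen:
            raise ValueError("pagination loop at %r" % url)
        seen.add(url)
        page = json.loads(fetch(url))        # json.loads decodes the "\/" escapes
        for element in page.get("elements", []):
            unexpected |= set(element) - allowed   # server returned more than asked
            elements.append(element)
        if "next" not in page:               # single-page outputs above have no "next"
            return elements, unexpected
        url = check_next(page["next"])
    raise ValueError("more than %d pages" % max_pages)


# Constructed sample pages. Page 0 follows "Expected Output With attrsToFetch"
# for the group search above; page 1 and ExampleGroup are invented.
SAMPLE_PAGES = {
    "0": r'''{"next":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&attrsToFetch=name&pagePos=1",
"elements":[{"name":"AdminChannelUsers",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/AdminChannelUsers"},
{"name":"Administrators",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/Administrators"}],
"uri":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&attrsToFetch=name&pagePos=0"}''',
    "1": r'''{"elements":[{"name":"ExampleGroup",
"uri":"\/idaas_rest\/rest\/userprofile\/groups\/ExampleGroup"}],
"uri":"\/idaas_rest\/rest\/userprofile\/groups?pageSize=2&attrsToFetch=name&pagePos=1"}''',
}


def sample_fetch(url):
    """Stand-in for an HTTP GET: serves SAMPLE_PAGES by the pagePos in the query."""
    return SAMPLE_PAGES[parse_qs(urlsplit(url).query)["pagePos"][0]]


def demo():
    url = build_search_url("groups", ["name"], page_size=2)
    elements, unexpected = walk(sample_fetch, url, ["name"])
    return [e["name"] for e in elements], unexpected


if __name__ == "__main__":
    print(demo())
```

A non-empty second return value means the server sent attributes the caller did not ask for, which is worth logging when attrsToFetch is used for data minimization.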
 


The "prefetch" Query Parameter Feature

Use the prefetch query parameter to expand a query to retrieve a collection of attributes linked to the User or Group or Relationship that is the subject of the query. To specify multiple attributes use a comma-separated list of attribute names.

For example:

.../people/alice?prefetch=attr1,attr2(b1,b2),attr3(b1,b2,b3)

If you do not specify the prefetch query parameter, the system returns the requested URI only.

You can use the prefetch query parameter with any User, Group, or Relationship profile operation, but not a Search operation.

So for example, you can use prefetch with instance resources such as the following:

  • .../people/alice

  • .../groups/Admin

  • .../people/alice/memberOf/Admin

But you cannot use prefetch with collection resources, such as the following:

  • .../people

  • .../groups

  • .../people/alice/memberOf

This section includes one example:

Read a User With prefetch

This example shows how to retrieve the collection of "manager" attributes for the specified user in addition to the full set of User attributes that is returned by default.

cURL Command
curl -i --request GET 
"http://localhost:16191/idaas_rest/rest/userprofile/people/JohnD/
?prefetch=manager"

Expected Output With prefetch
{
"uid":"JohnD",
"manager":
   {"elements":
    [{
     "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
     "uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager\/SusanS",
     "manager-uri":
      {
       "uid":"SusanS", 
       "manager":"\/idaas_rest\/rest\/userprofile\/people\/SusanS\/manager",
       "state":"CA",
       "lastname":"Smith",
       "firstname":"Susan",
       "loginid":"SusanS",
       "uniquename":"5B543C30790511E1AF41BD17BAB1A1C1",
       "uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
       "country":"USA",
       "guid":"5B543C30790511E1AF41BD17BAB1A1C1",
       "title":"Sr. Director, Development ",
       "name":"SusanS",
       "commonname":"Susan Smith"
      }
    }],
    "uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager
           ?pageSize=0&pagePos=-1"
   },
"state":"CA",
"lastname":"Doe",
"firstname":"John",
"loginid":"JohnD",
"uniquename":"2F23AC90790511E1AF41BD17BAB1A1C1",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
"country":"USA",
"guid":"2F23AC90790511E1AF41BD17BAB1A1C1",
"title":"Director, Development ",
"name":"JohnD",
"commonname":"John Doe"}

Expected Output Without prefetch
{
"uid":"JohnD",
"manager":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager",
"state":"CA",
"lastname":"Doe",
"firstname":"John",
"loginid":"JohnD",
"uniquename":"2F23AC90790511E1AF41BD17BAB1A1C1",
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
"country":"USA",
"guid":"2F23AC90790511E1AF41BD17BAB1A1C1",
"title":"Director, Development ",
"name":"JohnD",
"commonname":"John Doe"}
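The following Python sketch is an added example, not part of the Oracle documentation. It builds a prefetch URI only for instance resources and reads a linked attribute from either response shape shown above; the helper names and the even/odd path-segment rule are assumptions inferred from the lists in this section.

```python
import json
from urllib.parse import quote, urlsplit

USERPROFILE_ROOT = "/idaas_rest/rest/userprofile"  # base path used in the samples above


def is_instance_resource(path):
    """True for .../people/alice, False for a collection such as .../people.

    Assumption inferred from the two lists above: below the userprofile root an
    even number of path segments names one entity or relationship instance,
    an odd number names a collection.
    """
    tail = urlsplit(path).path
    if not tail.startswith(USERPROFILE_ROOT + "/"):
        raise ValueError("not a User Profile Services path: %r" % path)
    segments = [s for s in tail[len(USERPROFILE_ROOT):].split("/") if s]
    return len(segments) > 0 and len(segments) % 2 == 0


def prefetch_url(path, attributes):
    """Append ?prefetch=a,b(c,d) to an instance URI; refuse collections."""
    if not is_instance_resource(path):
        raise ValueError("prefetch applies to instance resources only")
    if urlsplit(path).query:
        raise ValueError("path already has a query string")
    # Keep the list syntax (commas, parentheses) literal and encode the rest.
    return path + "?prefetch=" + ",".join(quote(a, safe="(),") for a in attributes)


def linked_entities(profile, attribute, target_key):
    """Return (expanded, items) for a linked attribute in either response shape.

    Without prefetch the attribute is a URI string. With prefetch it is an
    object whose "elements" hold the linked entity under target_key
    ("manager-uri" for the manager attribute in the sample output).
    """
    value = profile.get(attribute)
    if value is None:
        return False, []
    if isinstance(value, str):
        return False, [value]
    return True, [e[target_key] for e in value.get("elements", []) if target_key in e]


# Constructed samples: the two outputs above, trimmed to the fields used here.
WITH_PREFETCH = json.loads(r"""
{"uid":"JohnD",
 "manager":{"elements":[{
     "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
     "manager-uri":{"uid":"SusanS","title":"Sr. Director, Development "}}]}}
""")
WITHOUT_PREFETCH = json.loads(r"""
{"uid":"JohnD",
 "manager":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager"}
""")

if __name__ == "__main__":
    print(prefetch_url(USERPROFILE_ROOT + "/people/JohnD/", ["manager"]))
    print(linked_entities(WITH_PREFETCH, "manager", "manager-uri"))
    print(linked_entities(WITHOUT_PREFETCH, "manager", "manager-uri"))
```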


The "scope" Query Parameter Feature

Use the scope query parameter to retrieve a nested level of attributes in a relationship search.

For example:

.../people/JohnD/manager?scope=toTop

Use scope if a search is between two entities that have a direct hierarchical relationship, for example a manager relationship between one user and another user, or a memberOf relationship between a user and a group.

The scope query parameter can be used with the following User Profile Services standard entities: manager, reports, groupMemberOf, groupMembers, groupOwner, and groupOwnerOf.

Note:

Configure the toTop scope attribute value by editing the User Profile Service Provider in the Oracle Access Management system administration console. In the Relationship Configuration section of the page, edit the values in the Scope for Requesting Recursion column. See "Editing or Creating a User Profile Service Provider" in the Administrator's Guide for Oracle Access Management for more information.

This section includes one example:

Search a Relationship With scope

This example shows how to do a Manager relationship Search with scope set to toTop.

cURL Commands

Create User "JohnD"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d  
'{
  "uid":"JohnD",
  "title":"Director, Development ",
  "state":"CA",
  "lastname":"Doe",
  "commonname":"John Doe ", 
  "firstname":"John",
  "password":"secret12345",
  "country":"USA"}'

Create User "SusanS"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d
'{
  "uid":"SusanS",
  "title":"Sr. Director, Development ",
  "state":"CA",
  "lastname":"Smith",
  "commonname":"Susan Smith",
  "firstname":"Susan",
  "password":"12345secret",
  "country":"USA"}'

Create User "AlanC"

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/ -d
'{
  "uid":"AlanC",
  "title":"VP, Identity Management Development ",
  "state":"CA",
  "lastname":"Cooper",
  "commonname":"Alan Cooper",    
  "firstname":"Alan",
  "password":"welcome321",
  "country":"USA"}'

Create a "manager" relationship between JohnD and SusanS

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/JohnD/manager -d
'{
  "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
  "manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS"}'

Create a "manager" relationship between SusanS and AlanC

curl -H "Content-Type: application/json" --request POST
http://localhost:14100/idaas_rest/rest/userprofile/people/SusanS/manager -d
'{
  "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
  "manager-uri":"\/idaas_rest\/rest\/userprofile\/people\/AlanC"}'

Perform a "manager" relationship Search with scope = toTop

curl -i --request GET "http://localhost:14100/idaas_rest/rest/userprofile/people/
JohnD/manager/?scope=toTop&pagePos=0&pageSize=2"

Expected Output With scope = toTop
{"next":
"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager
?pageSize=2&scope=toTop&pagePos=1",
"elements":
[{
  "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
  "uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager\/SusanS",
  "manager-uri":
    {
     "uid":"SusanS",
     "manager":"\/idaas_rest\/rest\/userprofile\/people\/SusanS\/manager", 
     "state":"CA",
     "lastname":"Smith",
     "firstname":"Susan",
     "loginid":"SusanS",
     "uniquename":"5B543C30790511E1AF41BD17BAB1A1C1",
     "uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
     "country":"USA",
     "guid":"5B543C30790511E1AF41BD17BAB1A1C1",
     "title":"Sr. Director, Development ",
     "name":"SusanS",
     "commonname":"Susan Smith"
    }
 },
 {
  "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
  "uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS\/manager\/AlanC",
  "manager-uri":
    {
     "uid":"AlanC",
     "guid":"31486BE0790611E1AF41BD17BAB1A1C1",
     "title":"VP, Identity Management Development ",
     "name":"AlanC",
     "state":"CA",
     "lastname":"Cooper",
     "commonname":"Alan Cooper",
     "loginid":"AlanC",
     "firstname":"Alan",
     "uniquename":"31486BE0790611E1AF41BD17BAB1A1C1",
     "uri":"\/idaas_rest\/rest\/userprofile\/people\/AlanC",
     "country":"USA"
    }
}],
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager
?pageSize=2&scope=toTop&pagePos=0"}

Expected Output Without scope = toTop
{"elements":
 [{
  "report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
  "uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager\/SusanS",
  "manager-uri":
    {
     "uid":"SusanS",
     "manager":"\/idaas_rest\/rest\/userprofile\/people\/SusanS\/manager", 
     "state":"CA",
     "lastname":"Smith",
     "firstname":"Susan",
     "loginid":"SusanS",
     "uniquename":"5B543C30790511E1AF41BD17BAB1A1C1",
     "uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
     "country":"USA",
     "guid":"5B543C30790511E1AF41BD17BAB1A1C1",
     "title":"Sr. Director, Development ",
     "name":"SusanS",
     "commonname":"Susan Smith"
    }
 }],
"uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager
?pageSize=2&pagePos=0"}
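The following Python sketch is an added example, not part of the Oracle documentation. It walks a scope=toTop manager search page by page through the "next" link and returns the (report, manager) pairs in order. The function names, the caller-supplied fetch callable, and the empty second page are assumptions.

```python
import json
from urllib.parse import urlsplit


def resource_path(uri):
    """Path of a URI without query string or trailing slash."""
    return urlsplit(uri).path.rstrip("/")


def management_chain(start_uri, fetch, max_pages=10):
    """Collect the manager chain from a scope=toTop relationship search.

    fetch(uri) -> dict is supplied by the caller (an authenticated GET in real
    use). "next" links are followed only while they stay on the resource path
    that was asked for; a repeated page or person, or max_pages, ends the walk.
    """
    chain, seen_pages, seen_people = [], set(), set()
    uri = start_uri
    for _ in range(max_pages):
        if uri is None or uri in seen_pages:
            break
        if resource_path(uri) != resource_path(start_uri):
            raise ValueError("next link leaves the requested resource: %r" % uri)
        seen_pages.add(uri)
        page = fetch(uri)
        for element in page.get("elements", []):
            manager = element.get("manager-uri")
            uid = manager.get("uid") if isinstance(manager, dict) else manager
            if uid in seen_people:  # cyclic manager data
                return chain
            seen_people.add(uid)
            report = resource_path(element["report-uri"]).rsplit("/", 1)[-1]
            chain.append((report, uid))
        uri = page.get("next")
    return chain


# Constructed pages: page 0 is the output above trimmed to the fields used;
# page 1 (empty, no "next") is an assumption about what the server returns.
START = ("/idaas_rest/rest/userprofile/people/JohnD/manager/"
         "?scope=toTop&pagePos=0&pageSize=2")
NEXT = ("/idaas_rest/rest/userprofile/people/JohnD/manager"
        "?pageSize=2&scope=toTop&pagePos=1")
PAGES = {
    START: json.loads(r"""
{"next":"\/idaas_rest\/rest\/userprofile\/people\/JohnD\/manager?pageSize=2&scope=toTop&pagePos=1",
 "elements":[
  {"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/JohnD",
   "manager-uri":{"uid":"SusanS"}},
  {"report-uri":"\/idaas_rest\/rest\/userprofile\/people\/SusanS",
   "manager-uri":{"uid":"AlanC"}}]}
"""),
    NEXT: {"elements": []},
}

if __name__ == "__main__":
    print(management_chain(START, PAGES.__getitem__))
```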


Practical Examples

The examples in this section present a progression of REST calls. First a device registration handle is acquired and then used in subsequent calls to the Mobile and Social server in order to authenticate a user, obtain access to a protected resource, and interact with User Profile Services. The basic sequence is (1) obtain a device registration handle, (2) obtain a user token, and (3) obtain an access token.

Note:

The REST examples presented in this section include line breaks and indented code blocks to help make them easy to read.


Mobile SSO Agent Requests Client Registration Handle (Client Token)

This example shows the client registration request call that the mobile SSO agent app on an iOS device sends to the Mobile and Social Server.

The Request

curl -H "Content-Type: application/json" --request POST
http://hostname.example.com:18001/idaas_rest/rest/mobilejwtauthentication/register 
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain'
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"jdoe",
     "X-Idaas-Rest-Subject-Password":"password123",
     "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE",
     "deviceProfile":
          {
           "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
           "hardwareIds":
            {
              "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
              "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
              "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
              "oracle:idm:claims:client:imei":"010113006310121"
            },
          "oracle:idm:claims:client:jailbroken":false,
          "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
          "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
          "oracle:idm:claims:client:vpnenabled":false,
          "oracle:idm:claims:client:ostype":"iPhone OS",
          "oracle:idm:claims:client:phonecarriername":"AT&T",
          "oracle:idm:claims:client:locale":"EN-US",
          "oracle:idm:claims:client:osversion":"4.0"
          },
     "clientId":"OICSecurityApp"
   }'

The Response

{"X-Idaas-Rest-Token-Value":"eyJ0b2tlblR...l9M=",
 "X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE",
 "handles":
    {"oaam.device":   
      {
       "expirationTSInSec":1334423076,
       "value":"20_7fe4bde3d448598c4cb8211d214b5eaded0620428c06061b1261644603717cd3"
      },
     "oaam.session":
      {
       "expirationTSInSec":1332955447,
       "value":"18_2743f64c111cb6691ea18689317958192d748b191a4955851e43f40910079e9a"
      }
    }
}

Mobile SSO Agent Requests Client Registration Handle on Behalf of Business App

The Request

curl -H "Content-Type: application/json" --request POST
http://hostname.example.com:18001/idaas_rest/rest/mobilejwtauthentication/register
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain'
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="T0lDU2VjdXJ...Gw5TT0="'
-d
'{
  "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
  "X-Idaas-Rest-Subject-Username":"jdoe",
  "X-Idaas-Rest-Subject-Password":"password123",
  "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE",
  "deviceProfile":
    {
     "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
     "hardwareIds":
       {
        "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
        "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
        "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
        "oracle:idm:claims:client:imei":"010113006310121"
       },
     "oracle:idm:claims:client:jailbroken":false,
     "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
     "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
     "oracle:idm:claims:client:vpnenabled":false,
     "oracle:idm:claims:client:ostype":"iPhone OS",
     "oracle:idm:claims:client:phonecarriername":"AT&T",
     "oracle:idm:claims:client:locale":"EN-US",
     "oracle:idm:claims:client:osversion":"4.0"
    },
     "handles":  
     {"oaam.session":"18_2743f64c111cb6691ea18689317958192d748b191a4955851e43f40910079e9a",
      "oaam.device":"20_7fe4bde3d448598c4cb8211d214b5eaded0620428c06061b1261644603717cd3"
     },
  "clientId":"WhitePageApp"
}'

The Response

{"X-Idaas-Rest-Token-Value":"eyJ0b2tlblR...Lyhko=",
 "X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE",
 "handles":
    {"oaam.device": 
      {
       "expirationTSInSec":1334423298,
       "value":"20_7fe4bde3d448598c4cb8211d214b5eaded0620428c06061b1261644603717cd3"
      },
     "oaam.session":
      {
       "expirationTSInSec":1332955669,
       "value":"18_2743f64c111cb6691ea18689317958192d748b191a4955851e43f40910079e9a"
      }
    }
}

A User Token Request

The Request

curl -H "Content-Type: application/json" --request POST
http://hostname.example.com:18001/idaas_rest/rest/mobilejwtauthentication/authenticate
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain'
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="T0lDU2VjdXJpdHlBc...Fa00vOD0="'
-d
'{
  "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
  "X-Idaas-Rest-Subject-Username":"jdoe",
  "X-Idaas-Rest-Subject-Password":"password123",
  "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN",
  "deviceProfile":
    {
     "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
     "hardwareIds":
       {
        "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
        "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
        "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
        "oracle:idm:claims:client:imei":"010113006310121"
       },
     "oracle:idm:claims:client:jailbroken":false,
     "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
     "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
     "oracle:idm:claims:client:vpnenabled":false,
     "oracle:idm:claims:client:ostype":"iPhone OS",
     "oracle:idm:claims:client:phonecarriername":"AT&T",
     "oracle:idm:claims:client:locale":"EN-US",
     "oracle:idm:claims:client:osversion":"4.0"
    },
  "handles":      
    {"oaam.session":"21_9e2e728b3180a7a3c9b80cef542c58339c2c7ed0e1a3ba66db4807ef1cf1523d",
     "oaam.device":"23_3a958d144b04f91c53b4236ed9f880357122df946f14ba21d957be5b49ef529b"
    }
}'

The Response

{"X-Idaas-Rest-Token-Value":"eyJhbGciOiJSUzUx...1OC6qw",
 "X-Idaas-Rest-Token-Type":"USERTOKEN",
 "handles":
    {"oaam.device": 
      {
       "expirationTSInSec":1334424634,
       "value":"23_3a958d144b04f91c53b4236ed9f880357122df946f14ba21d957be5b49ef529b"
      },
     "oaam.session":
      {
       "expirationTSInSec":1332957005,
       "value":"21_9e2e728b3180a7a3c9b80cef542c58339c2c7ed0e1a3ba66db4807ef1cf1523d"
      }
    }
}

An Access Token Request

The Request

curl -H "Content-Type: application/json" --request POST
http://hostname.example.com:18001/idaas_rest/rest/mobilejwtauthentication/access
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain'
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="T0lDU2VjdXJpdHlBc...TFPQzZxdw=="'
-d
'{
  "X-Idaas-Rest-Subject-Type":"TOKEN",
  "X-Idaas-Rest-Subject-Value":"eyJhbGciOiJSUzUxM...411OC6qw",
  "X-Idaas-Rest-Application-Context":"<webgate context>",
  "X-Idaas-Rest-Application-Resource":"http:\/\/am-v40z-04.us.example.com:7777\/index.html",
  "X-Idaas-Rest-New-Token-Type-To-Create":"ACCESSTOKEN",
  "deviceProfile":
    {
     "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
     "hardwareIds":
       {
        "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
        "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
        "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
        "oracle:idm:claims:client:imei":"010113006310121"
       },
     "oracle:idm:claims:client:jailbroken":false,
     "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
     "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
     "oracle:idm:claims:client:vpnenabled":false,
     "oracle:idm:claims:client:ostype":"iPhone OS",
     "oracle:idm:claims:client:phonecarriername":"AT&T",
     "oracle:idm:claims:client:locale":"EN-US",
     "oracle:idm:claims:client:osversion":"4.0"
    },
  "handles":  
   {"oaam.session":"21_9e2e728b3180a7a3c9b80cef542c58339c2c7ed0e1a3ba66db4807ef1cf1523d",
    "oaam.device":"23_3a958d144b04f91c53b4236ed9f880357122df946f14ba21d957be5b49ef529b"
   }
}'

Access Manager Master Token Authentication

The Request

curl -H "Content-Type: application/json" --request POST
http://hostname.example.com:18001/idaas_rest/rest/mobilejwtauthentication/authenticate
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain'
-H 'X-IDAAS-REST-AUTHORIZATION: UIDPASSWORD cred="T0lDU2VjdXJpdHlBc...TFPQzZxdw=="'
-d
'{
  "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
  "X-Idaas-Rest-Subject-Username":"jdoe",
  "X-Idaas-Rest-Subject-Password":"password123",
  "X-Idaas-Rest-New-Token-Type-To-Create":"USERTOKEN",
  "OAM-Token-Type-To-Create":"USERTOKEN::OAMMT",
  "deviceProfile":
    {
     "oracle:idm:claims:client:sdkversion":"11.1.2.0.0",
     "hardwareIds":
       {
        "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
        "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
        "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
        "oracle:idm:claims:client:imei":"010113006310121"
       },
     "oracle:idm:claims:client:jailbroken":false,
     "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
     "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
     "oracle:idm:claims:client:vpnenabled":false,
     "oracle:idm:claims:client:ostype":"iPhone OS",
     "oracle:idm:claims:client:phonecarriername":"AT&T",
     "oracle:idm:claims:client:locale":"EN-US",
     "oracle:idm:claims:client:osversion":"4.0"
    },
  "handles":  
   {"oaam.session":"21_9e2e728b3180a7a3c9b80cef542c58339c2c7ed0e1a3ba66db4807ef1cf1523d",
    "oaam.device":"23_3a958d144b04f91c53b4236ed9f880357122df946f14ba21d957be5b49ef529b"
   }
}'
     

Device Registration Request with KBA Response

Knowledge-based authentication (KBA) is an authentication scheme in which the user is asked to answer at least one question.

The Request to Register a Device

curl -H "Content-Type: application/json" --request POST 
http://server1.example.com:14100/
oic_rest/rest/mobileoamauthentication/register  -H 
'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain' 
-d '{
     "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE",
     "X-Idaas-Rest-Subject-Password":"password555",
     "deviceProfile":
     {
        "oracle:idm:claims:client:sdkversion":"11.1.2.0.0","hardwareIds":
             {
              "oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
              "oracle:idm:claims:client:phonenumber":"1-650-555-1234",
              "oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
              "oracle:idm:claims:client:imei":"010113006310121"
             },
        "oracle:idm:claims:client:jailbroken":false,
        "oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
        "oracle:idm:claims:client:networktype":"PHONE_CARRIER",
        "oracle:idm:claims:client:vpnenabled":false,
        "oracle:idm:claims:client:ostype":"iPhone OS",
        "oracle:idm:claims:client:phonecarriername":"AT&T",
        "oracle:idm:claims:client:locale":"EN-US",
        "oracle:idm:claims:client:osversion":"4.0"
     },
"X-Idaas-Rest-Subject-Username":"JohnS",
"clientId":"OICSSOApp",
"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL"}'

The Response Containing the KBA Question

{
"handles":
     {
      "oaam.device":
           {
            "expirationTSInSec":1352076952,
            "value":"563_23552f26e974030dc160...c363d47a01918caf2f97"},
            "oaam.session":
                 {
                  "expirationTSInSec":1350609323,
                  "value":"561_419dc5ee6b325535dd0...b73c74573a49dec233a"
                 },
            "oic.multiStepAuthnSessionHandle":
                 {
                  "expirationTSInSec":1350606623,
                  "value":"eyJvcmlnU2VjdXJpdHlFdlsiU..1hclb2FtYXdGljYXRpb24ifQ=="
                 }
           },
      "message":"The Challenge Action is triggered", 
      "multi-step-challenge-question":
           {
            "challengeType":"KBA",
            "locale":"en",
            "questionRefId":"112",
            "questionStr":"What was the year of your favorite sports moment?"
           },
      "oicErrorCode":"IDAAS-61010","status":"REQUIRE_MULTI_STEP_AUTHN"}

The Request to Register the Device Containing the KBA Answer

curl -H "Content-Type: application/json" --request POST 
http://server1.example.com:14100/oic_rest/rest/mobileoamauthentication/register  
-H 'X-IDAAS-SERVICEDOMAIN:MobileServiceDomain' -d 
'{"X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTREGHANDLE",
"X-Idaas-Rest-Subject-Password":"password555","deviceProfile":
{"oracle:idm:claims:client:sdkversion":"11.1.2.0.0","hardwareIds":
{"oracle:idm:claims:client:udid":"0e83ff56a12a9cf0c7",
"oracle:idm:claims:client:phonenumber":"1-650-555-1234",
"oracle:idm:claims:client:macaddress":"00-16-41-34-2C-A6",
"oracle:idm:claims:client:imei":"010113006310121"},
"oracle:idm:claims:client:jailbroken":false,
"oracle:idm:claims:client:geolocation":"+40.689060,-74.044636",
"oracle:idm:claims:client:networktype":"PHONE_CARRIER",
"oracle:idm:claims:client:vpnenabled":false,
"oracle:idm:claims:client:ostype":"iPhone OS",
"oracle:idm:claims:client:phonecarriername":"AT&T",
"oracle:idm:claims:client:locale":"EN-US",
"oracle:idm:claims:client:osversion":"4.0"},
"X-Idaas-Rest-Subject-Username":"JohnS","multi-step-challenge-answer":
{"challengeType":"KBA","locale":"EN-US","answerStr":
"moment","questionRefId":"112"},
"handles":{"oaam.session":"561_419dc5ee6b325535dd026c882ac67cabc271dd7e0297ab73c74573a49dec233a",
"oaam.device":"563_23552f26e974030dc16018cc6b76237432c363d47a019cec8c73aa318caf2f97",
"oic.multiStepAuthnSessionHandle":
"eyJvcmlnU2VjdXJpdHlFdmVudHMiOlsiUkVHX1NFQ1VSSVRZX0NMSUVOVF9BUFAiXSwib3JpZ1JlcU1hc
CI6eyJjbGllbnRJUEFkZHJlc3MiOiIxMC4xMzMuMTM5LjE0MyIsIlgtSWRhYXMtUmVzdC1TdWJqZWN0LVB
hc3N3b3JkIjoid2VsY29tZTEiLCJYLUlkYWFzLVJlc3QtTmV3LVRva2VuLVR5cGUtVG8tQ3JlYXRlIjoiQ
0xJRU5UUkVHSEFORExFIiwiWC1JZGFhcy1SZXN0LVN1YmplY3QtVXNlcm5hbWUiOiJKb2huUyIsImNsaWV
udElkIjoiT0lDU1NPQXBwIiwiWC1JZGFhcy1SZXN0LVN1YmplY3QtVHlwZSI6IlVTRVJDUkVERU5USUFMI
n0sImNvbnRyYWN0TmFtZSI6Ik1vYmlsZVNlcnZpY2VEb21haW4iLCJzZXJ2aWNlSWRFUCI6IlwvbW9iaWx
lb2FtYXV0aGVudGljYXRpb24ifQ=="},"X-Idaas-Rest-Subject-Type":"USERCREDENTIAL"}'

The Response with a Client Registration Handle

{"X-Idaas-Rest-Token-Value":"eyJvcmFjbGU6aWRtOmNsYWltczpjbGllbnQ6c2RrdmVyc2lvbiI6I
jExLjEuMi4wLjAiLCJ0b2tlblR5cGUiOiJDTElFTlRSRUdIQU5ETEUiLCJvcmFjbGU6aWRtOmNsYWltczp
jbGllbnQ6bWFjYWRkcmVzcyI6IjAwLTE2LTQxLTM0LTJDLUE2IiwicmVnVXNlciI6IkpvaG5TIiwiaXNzI
joiTW9iaWxlT0FNQXV0aGVudGljYXRpb24iLCJvcmFjbGU6aWRtOmNsYWltczpjbGllbnQ6b3N0eXBlIjo
iaVBob25lIE9TIiwib3JhY2xlOmlkbTpjbGFpbXM6Y2xpZW50OmltZWkiOiIwMTAxMTMwMDYzMTAxMjEiL
CJyZWdUUyI6MTM1MDYwNTc4MCwianRpIjoiYTNlMWM1MjYtYjBjMS00ZDg0LThjYzAtZjYyMDNmYjM4NWV
lIiwib3JhY2xlOmlkbTpjbGFpbXM6Y2xpZW50Om9zdmVyc2lvbiI6IjQuMCIsImNsaWVudElkIjoiT0lDU
1NPQXBwIn0=.qA6Ez+gXNdLbk/hD5LRVDaBRK3t6b6IOOk7Z8iwW03s=",
"X-Idaas-Rest-Token-Type":"CLIENTREGHANDLE",
"handles":{"oaam.device":{"expirationTSInSec":1352077009,"value":"563_
23552f26e974030dc16018cc6b76237432c363d47a019cec8c73aa318caf2f97"},
"oaam.session":{"expirationTSInSec":1350609380,"value":"561_
419dc5ee6b325535dd026c882ac67cabc271dd7e0297ab73c74573a49dec233a"}}}
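The following Python sketch is an added example, not part of the Oracle documentation. It covers the handle carry-over used throughout the Practical Examples and the KBA exchange above: responses return each handle as an object with an expiry, while the next request sends handles as plain strings. It also masks passwords, tokens, answers and handles before a body is logged. The function names, the placeholder handle values and the locale fallback are assumptions.

```python
import copy
import time

# Fields that must not reach a log: passwords, tokens, KBA answers, handles.
SECRET_KEYS = {
    "X-Idaas-Rest-Subject-Password", "X-Idaas-Rest-Subject-Value",
    "X-Idaas-Rest-Token-Value", "answerStr", "handles",
}


def request_handles(response, now=None):
    """Flatten response handles {name: {expirationTSInSec, value}} into the
    {name: value} form the requests carry, leaving out expired ones."""
    now = time.time() if now is None else now
    return {name: h["value"]
            for name, h in response.get("handles", {}).items()
            if h.get("expirationTSInSec", 0) > now}


def kba_answer_request(original_request, challenge, answer, locale=None, now=None):
    """Build the second register request from the first one plus the challenge."""
    if challenge.get("status") != "REQUIRE_MULTI_STEP_AUTHN":
        raise ValueError("response is not a multi-step challenge")
    handles = request_handles(challenge, now)
    if "oic.multiStepAuthnSessionHandle" not in handles:
        raise ValueError("multi-step session handle missing or expired")
    question = challenge["multi-step-challenge-question"]
    body = copy.deepcopy(original_request)
    body["multi-step-challenge-answer"] = {
        "challengeType": question["challengeType"],
        # The sample answer sends "EN-US" although the question says "en";
        # falling back to the question's locale is an assumption.
        "locale": locale or question["locale"],
        "answerStr": answer,
        "questionRefId": question["questionRefId"],
    }
    body["handles"] = handles
    return body


def redact(obj):
    """Copy of a request or response body with secrets masked, for logging."""
    if isinstance(obj, dict):
        return {k: "<redacted>" if k in SECRET_KEYS else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


# Constructed sample: field names and expiry times from the exchange above,
# deviceProfile left out, handle values replaced by placeholders.
ORIGINAL = {
    "X-Idaas-Rest-New-Token-Type-To-Create": "CLIENTREGHANDLE",
    "X-Idaas-Rest-Subject-Type": "USERCREDENTIAL",
    "X-Idaas-Rest-Subject-Username": "JohnS",
    "X-Idaas-Rest-Subject-Password": "password555",
    "clientId": "OICSSOApp",
}
CHALLENGE = {
    "handles": {
        "oaam.device": {"expirationTSInSec": 1352076952, "value": "DEVICE-PLACEHOLDER"},
        "oaam.session": {"expirationTSInSec": 1350609323, "value": "SESSION-PLACEHOLDER"},
        "oic.multiStepAuthnSessionHandle": {"expirationTSInSec": 1350606623, "value": "MULTISTEP-PLACEHOLDER"},
    },
    "multi-step-challenge-question": {
        "challengeType": "KBA", "locale": "en", "questionRefId": "112",
        "questionStr": "What was the year of your favorite sports moment?",
    },
    "oicErrorCode": "IDAAS-61010",
    "status": "REQUIRE_MULTI_STEP_AUTHN",
}
```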

Specifying the Tenant Name in the Header

The client can specify the tenant name as shown in the following example:

curl -H "Content-Type: application/json" -H "MY-MT-NAME: sales"
--request POST http://localhost:18001/oic_rest/rest/jwtauthentication/authenticate
-d '{
     "X-Idaas-Rest-Subject-Type":"USERCREDENTIAL",
     "X-Idaas-Rest-Subject-Username":"profileid3",
     "X-Idaas-Rest-Subject-Password":"clientpassword",
     "X-Idaas-Rest-New-Token-Type-To-Create":"CLIENTTOKEN"}'

Also see "Enabling the REST Client to Specify the Tenant Name" in the Administrator's Guide for Oracle Access Management.


Error Messages

Mobile and Social REST API error messages are documented in the Oracle Fusion Middleware Error Message Reference. The "IDAAS" prefix designates Mobile and Social messages.