|
Oracle® Identity Management Application Developer's Guide
10g Release 2 (10.1.2) Part No. B14087-01 |
|
 Previous |
 Next |
|
Oracle® Identity Management Application Developer's Guide
10g Release 2 (10.1.2) Part No. B14087-01 |
|
|
Previous |
Next |
This chapter describes the Oracle extensions to the DAS_URL Service Interface. It contains these sections:
Table 12-1 lists the Oracle Delegated Administration Services units and the directory entries that store relative URLs for these units.
Table 12-1 Service Units and Corresponding Entries
| Service Unit | Entry |
|---|---|
| Create User |
cn=CreateUser,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext |
| Edit User |
cn=EditUser,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext |
| Edit User when GUID is passed as a parameter |
cn=EditUserGivenGUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Delete User |
cn=DeleteUser,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext |
| Delete User when GUID of the user to be deleted is passed as a parameter |
cn=DeleteUserGivenGUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Create Group |
cn=CreateGroup,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Edit Group |
cn=EditGroup,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext |
| Edit the group whose GUID is passed through a parameter |
cn=EditGroupGivenGUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Delete Group |
cn=DeleteGroup,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Delete group with the GUID passed through a parameter |
cn=DeleteGroupGivenGUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Assign privileges to a user |
cn=UserPrivilege,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Assign privileges to a user with the GUID passed through a parameter |
cn=UserPrivilegeGivenGUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Assign privilege to a group |
cn=GroupPrivilege,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Assign privilege to a group with the given GUID |
cn=GroupPrivilegeGivenGUID,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| View User account information/Profile |
cn=AccountInfo,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Edit User account Information/Profile |
cn=Edit My Profile,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Change Password |
cn=PasswordChange,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Search User |
cn=UserSearch,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Search Group |
cn=GroupSearch,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Search User LOV |
cn=UserLOV,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| Search Group LOV |
cn=GroupLOV,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
| EUS Console |
cn=EUS Console,cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext" |
| Delegation Console |
cn=DelegationConsole,cn=OperationURLs,cn=DAS,cn=Products, cn=OracleContext |
Table 12-2 lists the DAS units and the URL parameters that can be passed to these units.
Table 12-2 DAS Units and Corresponding URL Parameters
| DAS Unit | Parameter | Return Values |
|---|---|---|
| Create User |
doneURL homeURL cancelURL enablePA |
returnGUID |
| Edit User |
homeURL doneURL cancelURL enablePA |
- |
| EditUserGivenGUID |
homeURL doneURL cancelURL enablePA userGUID |
- |
| EditMyProfile |
homeURL doneURL cancelURL |
- |
| Delegation Console | - | - |
| DeleteUser |
homeURL doneURL cancelURL |
- |
| DeleteUserGivenGUID |
homeURL doneURL cancelURL userGUID |
- |
| UserPrivilege |
homeURL doneURL cancelURL |
|
| UserPrivilegeGivenGUID |
homeURL doneURL cancelURL userGUID |
- |
| CreateGroup |
homeURL doneURL cancelURL enablePA parentDN |
returnGUID |
| EditGroup |
homeURL doneURL cancelURL enablePA |
- |
| EditGroupGivenGUID |
homeURL doneURL cancelURL enablePA groupGUID |
- |
| DeleteGroup |
homeURL doneURL cancelURL |
- |
| DeleteGroupGivenGUID |
homeURL doneURL cancelURL groupGUID |
- |
| GroupPrivilege |
homeURL doneURL cancelURL |
- |
| GroupPrivilegeGivenGUID |
homeURL doneURL cancelURL groupGUID |
- |
| AccountInfo |
homeURL doneURL cancelURL |
- |
| PasswordChange |
homeURL doneURL cancelURL |
- |
| UserSearch |
homeURL doneURLm cancelURL |
- |
| GroupSearch |
homeURL doneURL cancelURL |
- |
| UserLOV |
base cfilter title dasdomain callbackURL |
userDn userGuid userName nickName userEmail |
| GroupLOV |
otype base cfilter title dasdomain callbackURL |
groupDN groupGuid groupName groupDescription |
The parameters described in Table 12-3 are used with DAS units.
Table 12-3 DAS URL Parameter Descriptions
| Parameter | Description |
|---|---|
homeURL |
The URL that is linked to the global button Home. When the calling application specifies this value, clicking Home redirects the DAS unit to the URL specified by this parameter. |
doneURL |
This URL is used by DAS to redirect the DAS page at the end of each operation. In the case of Create User, once the user is created, clicking OK redirects the URL to this location. |
callbackURL |
DAS uses this URL to send return values to the invoking application. For UserLOV and GroupLOV units, the return values are submitted as HTML form parameters through the HTTP POST method. |
cancelURL |
This URL is linked with all the Cancel buttons shown in the DAS units. Any time the user clicks Cancel, the page is redirected to the URL specified by this parameter. |
enablePA |
This parameter takes a Boolean value of true or false. Set to true, the parameter enables the Assign Privileges in User or Group operation. If the enablePA is passed with value of true in the Create User page, the Assign Privileges to User section also appears in the Create User page.
|
userGUID |
This is the GUID of the user to be edited or deleted. This corresponds to the orclguid attribute. Specifying the GUID causes the search for the user step in either editUser or deleteUser units to be skipped. |
GroupGUID |
This is the GUID of the group to be edited or deleted. This corresponds to the orclguid attribute. Specifying the GUID causes the search for the group step in either editGroup or deleteGroup units to be skipped. |
parentDN |
When this parameter is specified in CreateGroup, the group is created under this container. If the parameter is not specified, group creation defaults to the group search base. |
base |
This parameter represents the search base in the case of search operations. |
cfilter |
This parameter represents the filter to be used for the search. This filter is LDAP compliant. |
title |
This parameter represents the title to be shown in the Search and Select LOV page. |
otype |
This parameter represents the object type used for search. Values supported are Select, Edit, and Assign.
|
returnGUID |
This parameter is appended to the done URL in case of a create operation. The value will be the orclguid of the new object. |
dasdomain |
This parameter is needed only when the browser is Internet Explorer and the calling URL and the DAS URL are on different hosts and in the same domain. An example value is us.oracle.com. Note the calling application also needs to set the document.domain parameter on the formload. For more details, refer to Microsoft support at:
|
DAS provides service units for searching and selecting users or groups. These service units are sometimes referred to as user or group List Of Values (LOV).
A custom application can open a popup window and populate its contents by supplying a search-and-select URL for a user or group:
http://a.b.c:port/oiddas/ui/oracle/ldap/das/search/LOVUserSearch?title=User& callbackurl=http://x.y.z:port/custapp/Callback
or
http://a.b.c:port/oiddas/ui/oracle/ldap/das/search/LOVGroupSearch?title= Group&callbackurl=http://x.y.z:port/custapp/Callback
In these examples, a.b.c:port is the host name and port of the OID DAS application server. x.y.z:port is the host name and port of the custom application server. title is a string that appears in the title of the Search and Select page. callbackurl is a URL on the custom application server that receives the selected parameters for users or groups.
|
Note: To avoid popup blocking, the custom application may open the popup window with a URL on the local custom application server and immediately redirect to the OID DAS User or Group Search-and-Select URL. |
After a User or Group has been selected via the OID DAS User or Group Search-and-Select Service Unit, an HTTP form will be submitted to the callbackurl page using the POST method. The parameters defined in Table 12-4 and Table 12-5 are available to the callbackurl page:
Table 12-4 User Search and Select
| Parameter | Description |
|---|---|
userDn |
User's distinguished name. |
userGuid |
User's global unique ID. |
userName |
User's name. |
nickName |
User's nickname |
userEmail |
User's email. |
Table 12-5 Group Search and Select
| Parameter | Description |
|---|---|
groupDN |
Group's distinguished name. |
groupGuid |
Group's global unique ID. |
groupName |
Group's name. |
groupDescription |
Group's description. |
The callbackurl page in the popup window may transfer the form parameters to the invoking page in the opener window using JavaScript. It may then close the popup window.
|
Note: To avoid JavaScript security problems, the custom application may supply the callbackurl page on the same server as the invoking page. This enables the callbackurl page in the popup window and the invoking page in the opener window to communicate directly through JavaScript. |
