The attributes REST interface will search the configured database for identity information about the defined user. It retrieves roles and common attributes (including first name and last name) and is used by applications to obtain a user's profile for application-controlled authorization. (It is assumed the user defined by subjectid has the appropriate permissions to display their own identity information.) The URL needs to be populated with the following information.
subjectid defines the tokenid of the user whose identity information is being returned.
attributes_names defines one or more LDAP attributes for which values will be returned. If it is not defined, the URL returns all attributes in the profile.
This is an example URL that would return the specified attribute values from the user's LDAP profile.
http://OpenSSO-host:OpenSSO-port/opensso/identity/attributes?attributes_names=uid&subjectid=AQIC5wM2LY4Sfcz6eH4abOQ0el7pnDqmOn6nnn1nrcuE8/w=@AAJTSQACMDE=#
The URL might return something like this:
userdetails.token.id=AQIC5wM2LY4Sfcz6eH4abOQ0el7pnDqmOn6nnn1nrcuE8/w=@AAJTSQACMDE=#
userdetails.attribute.name=sn
userdetails.attribute.value=jning
userdetails.attribute.name=cn
userdetails.attribute.value=jning
userdetails.attribute.name=objectclass
userdetails.attribute.value=sunFederationManagerDataStore
userdetails.attribute.value=top
userdetails.attribute.value=iplanet-am-managed-person
userdetails.attribute.value=iplanet-am-user-service
userdetails.attribute.value=organizationalperson
userdetails.attribute.value=inetadmin
userdetails.attribute.value=iPlanetPreferences
userdetails.attribute.value=person
userdetails.attribute.value=inetuser
userdetails.attribute.value=sunAMAuthAccountLockout
userdetails.attribute.value=sunIdentityServerLibertyPPService
userdetails.attribute.value=inetorgperson
userdetails.attribute.value=sunFMSAML2NameIdentifier
userdetails.attribute.name=userpassword
userdetails.attribute.value={SSHA}XhiE0RMwO/D7SSQ5fYLrTlFjmbHmYbQkIU43FA==
userdetails.attribute.name=uid
userdetails.attribute.value=jning
userdetails.attribute.name=givenname
userdetails.attribute.value=jning
userdetails.attribute.name=inetuserstatus
userdetails.attribute.value=Active
The operation might also return TokenExpired when the token has expired or GeneralFailure on other errors.
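The following client-side sketch is an added example, not code from OpenSSO or its documentation. It builds the attributes URL with the token percent-encoded, parses the line-oriented response shown above (including multi-valued attributes), and redacts userpassword, which the sample response returns as an {SSHA} hash. The function names, the SENSITIVE set, the host name in the usage and the use of repeated attributes_names parameters for several attributes are assumptions.

```python
from urllib.parse import urlencode

SENSITIVE = {"userpassword"}  # assumption: attributes the application must never see

def build_attributes_url(base, subjectid, names=()):
    # Assumption: several attributes are requested by repeating attributes_names.
    params = [("attributes_names", n) for n in names] + [("subjectid", subjectid)]
    # urlencode percent-encodes '/', '=', '@' and '#'; a raw '#' would start a
    # URL fragment and cut the token short before it reaches the server.
    return base.rstrip("/") + "/identity/attributes?" + urlencode(params)

def parse_userdetails(body):
    """Return (token_id, {attribute_name: [values]}) from a response body."""
    token_id, attrs, current = None, {}, None
    for line in (raw.strip() for raw in body.splitlines()):
        if not line:
            continue
        # Split on the first '=' only: token ids and {SSHA} hashes contain '='.
        key, sep, value = line.partition("=")
        if key == "userdetails.token.id" and sep:
            token_id = value
        elif key == "userdetails.attribute.name" and sep:
            current = attrs.setdefault(value.lower(), [])
        elif key == "userdetails.attribute.value" and sep and current is not None:
            current.append(value)  # multi-valued attributes repeat this key
        else:
            raise ValueError("unexpected line in response: %r" % key)
    if token_id is None:
        # The page does not show how TokenExpired / GeneralFailure are rendered,
        # so any body without a token line is treated as a failure.
        raise ValueError("no userdetails.token.id in response")
    return token_id, attrs

def redact(attrs):
    """Replace the values of sensitive attributes before logging or caching."""
    return {k: ["<redacted>"] if k in SENSITIVE else v for k, v in attrs.items()}

# Constructed sample response (values are placeholders, not from a real server).
SAMPLE = """\
userdetails.token.id=AQICexample/w=@AAJTSQACMDE=#
userdetails.attribute.name=objectclass
userdetails.attribute.value=top
userdetails.attribute.value=person
userdetails.attribute.name=userpassword
userdetails.attribute.value={SSHA}Y29uc3RydWN0ZWQ=
userdetails.attribute.name=uid
userdetails.attribute.value=jning
"""

if __name__ == "__main__":
    token, attrs = parse_userdetails(SAMPLE)
    print(token, redact(attrs))
```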