Identity Manager 8.0 - REST API Reference Guide

Authentication

One Identity Manager uses different authentication modules for logging into the REST API. Authentication modules identify the system users to be used and load the user interface and database resource editing permissions depending on their permission group memberships.

NOTE:

  • After initial schema installation, only the authentication modules "System user" and "Component Authenticator" and the role-based authentication modules are enabled in One Identity Manager.
  • Authentication modules are defined in the modules and are not available until the One Identity Manager modules are installed.

Initial Data for authentication modules

The authentication string is formatted as follows:

Module=<name>;<property1>=<value1>;<property2>=<value2>,…

Example: Module=DialogUser;User=<user name>;Password=*****

The initial data is one part of the authentication string (the parameter-value pairs, without the module ID). Initial data from the authentication string is pre-allocated by default for each authentication instance. Some authentication modules do not require any parameters besides the name of the authentication module.

For more detailed information about authentication modules, see the One Identity Manager Configuration Guide.

Identifying activated authentication modules

The list of supported (that is, activated) authentication modules can be retrieved using the URL <BaseURL>/appserver/authmodules.

Table 2: List authentication modules request

| HTTP Method | URI                             | Body |
|-------------|---------------------------------|------|
| GET         | <BaseURL>/appserver/authmodules | None |

Response schema:

{
  "id": String,
  "caption": String,
  "passwordBased": Boolean,
  "isDefault": Boolean
}

Example

https://<Hostname>/AppServer/appserver/authmodules

Response:

[{
  "id": "RoleBasedManualADS",
  "caption": "Active Directory user account (manual input/role based)",
  "passwordBased": false,
  "isDefault": false
},
{
  "id": "RoleBasedADSAccount",
  "caption": "Active Directory user account (role based)",
  "passwordBased": false,
  "isDefault": false
},
{
  "id": "DialogUser",
  "caption": "System user",
  "passwordBased": false,
  "isDefault": true
},
{
  "id": "RoleBasedPerson",
  "caption": "Employee (role based)",
  "passwordBased": false,
  "isDefault": false
},
{
  "id": "OAuthRoleBased",
  "caption": "OAuth 2.0 (role based)",
  "passwordBased": false,
  "isDefault": false
},
{
  "id": "OAuth",
  "caption": "OAuth 2.0",
  "passwordBased": false,
  "isDefault": false
},
{
  "id": "ADSAccount",
  "caption": "Active Directory user account",
  "passwordBased": false,
  "isDefault": false
},
{
  "id": "DynamicPerson",
  "caption": "Employee (dynamic)",
  "passwordBased": false,
  "isDefault": false
}]
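The following is an added example, not part of the One Identity documentation or product code: it validates an authmodules response against the response schema shown above and compares the enabled modules with an approved baseline, which is a useful configuration-drift check for an identity system. The function name, the baseline set and the "exactly one default" rule are assumptions made for illustration.

```python
import json

# Response schema from the page: field name -> required JSON type.
SCHEMA = {"id": str, "caption": str, "passwordBased": bool, "isDefault": bool}


def audit_auth_modules(response_text, approved_ids):
    """Compare an /appserver/authmodules response with an approved allowlist.

    Returns a sorted list of finding strings; an empty list means the enabled
    modules match the baseline.
    """
    modules = json.loads(response_text)
    if not isinstance(modules, list):
        raise ValueError("expected a JSON array of module objects")
    findings, seen, defaults = [], set(), []
    for entry in modules:
        # Reject entries that do not match the documented schema.
        for field, kind in SCHEMA.items():
            if not isinstance(entry, dict) or not isinstance(entry.get(field), kind):
                raise ValueError(f"malformed module entry: {entry!r}")
        seen.add(entry["id"])
        if entry["id"] not in approved_ids:
            findings.append(f"unapproved module enabled: {entry['id']}")
        if entry["passwordBased"]:
            findings.append(f"password-based module enabled: {entry['id']}")
        if entry["isDefault"]:
            defaults.append(entry["id"])
    # Assumption: a healthy configuration advertises exactly one default module.
    if len(defaults) != 1:
        findings.append(f"expected exactly one default module, found {sorted(defaults)}")
    for missing in sorted(set(approved_ids) - seen):
        findings.append(f"approved module not enabled: {missing}")
    return sorted(findings)


# Constructed sample: three entries taken from the page's example response.
SAMPLE = json.dumps([
    {"id": "RoleBasedADSAccount", "caption": "Active Directory user account (role based)",
     "passwordBased": False, "isDefault": False},
    {"id": "DialogUser", "caption": "System user",
     "passwordBased": False, "isDefault": True},
    {"id": "OAuth", "caption": "OAuth 2.0", "passwordBased": False, "isDefault": False},
])

if __name__ == "__main__":
    # Hypothetical baseline: only role-based AD and OAuth logins are approved.
    for line in audit_auth_modules(SAMPLE, {"RoleBasedADSAccount", "OAuth", "OAuthRoleBased"}):
        print(line)
```

In practice the input would be the body returned by a GET on <BaseURL>/appserver/authmodules, checked on a schedule so that a newly enabled module is noticed.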