Chat now with support
Chat with Support

Identity Manager 9.0 LTS - REST API Reference Guide

Authentication

One Identity Manager uses different authentication modules for logging into the REST API. Authentication modules identify the system users to be used and load the user interface and database resource editing permissions depending on their permission group memberships.

NOTE:

  • After initial schema installation, only the System user and Component Authenticator authentication modules and the role-based authentication modules are enabled in One Identity Manager.

  • Authentication modules are defined in the modules and are not available until One Identity Manager modules are installed.

  • To access the REST API from external applications you can use the OAuth 2.0/OpenID Connect and OAuth 2.0/OpenID Connect (rolebased) authentication modules. For more detailed information, see the One Identity Manager Authorization and Authentication Guide.

  • To access the REST API in the application server, users need the program function Enables access to the REST API in the application server (AppServer_API).

Related topics

Initial data for authentication modules

The authentication string is formatted as follows:

Module=<name>;<property1>=<value1>;<property2>=<value2>,…

Example:

Module=DialogUser;User=<user name>;Password=<password>

The initial data is one part of the authentication string (parameter-value pair without module ID). Initial data from the authentication string is pre-allocated by default for each authentication instance. Some authentication modules are not requiring any parameter besides specifying the authentication module.

For more information about authentication modules, see the One Identity Manager Authorization and Authentication Guide.

Identifying activated authentication modules

The list of supported, respectively activated authentication modules can be retrieved using the URL <BaseURL>/appserver/authmodules.

Table 2: List authentication modules request

HTTP method

URI

Body

Get

<BaseURL>/appserver/authmodules

None

Response schema:

{

"id": String,

"caption": String,

"passwordBased": Boolean,

"isDefault": Boolean

}

Example:

https://<Hostname>/AppServer/appserver/authmodules

Response:

[{

"id": "RoleBasedManualADS",

"caption": "Active Directory user account (manual input/role based)",

"passwordBased": false,

"isDefault": false

},

{

"id": "RoleBasedADSAccount",

"caption": "Active Directory user account (role based)",

"passwordBased": false,

"isDefault": false

},

{

"id": "DialogUser",

"caption": "System user",

"passwordBased": false,

"isDefault": true

},

{

"id": "RoleBasedPerson",

"caption": "Employee (role based)",

"passwordBased": false,

"isDefault": false

},

{

"id": "OAuthRoleBased",

"caption": "OAuth 2.0 (role based)",

"passwordBased": false,

"isDefault": false

},

{

"id": "OAuth",

"caption": "OAuth 2.0",

"passwordBased": false,

"isDefault": false

},

{

"id": "ADSAccount",

"caption": "Active Directory user account",

"passwordBased": false,

"isDefault": false

},

{

"id": "DynamicPerson",

"caption": "Employee (dynamic)",

"passwordBased": false,

"isDefault": false

}]

Getting details of an authentication module

To get the details for a specific authentication module, use the URL <baseURL>/appserver/authmodules/{id}.

Table 3: Get authentication module request

HTTP method

URI

Body

Get

<BaseURL>/appserver/authmodules/{id}

None

Table 4: Get authentication module parameters

Parameter

Description

Parameter type

Data type

id

Authentication module (required)

path

string

Response schema:

[{

"id": String,

"caption": String,

"authTemplate": String,

"passwordBased": Boolean,

"isDefault": Boolean

}]

Example:

https://<Hostname>/AppServer/appserver/authmodules/DialogUser

Response:

[{

"id": "DialogUser",

"caption": "System user",

"authTemplate": "Module=DialogUser;User[VI.DB_USER]=;(Password)Password[VI.DB_Password]=",

"passwordBased": true,

"isDefault": false

}]

The values in the property authTemplate can be used to identify the format of the authString needed to authenticate against the application server. You can ignore the parts in [] and () as those are the caption keys and value types used in the front ends only.

For example, a valid authentication string would be Module=DialogUser;User=MyUser;Password=$ecret.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating