Identity Manager 9.2 - REST API Reference Guide

HTTP response codes

Responses from the REST API use the codes listed below. When method executions fail, a descriptive error message is displayed.

Table 1: HTTP response codes

| Response status codes | Description |
| --- | --- |
| 200 | Success. |
| 204 | Success. No content returned. |
| 401 | Unauthorized. To use the One Identity Manager REST API, you must first authenticate against the application server. |
| 404 | Not found. The requested entity is not found. |
| 405 | Method not allowed. The HTTP request method that was specified is not the correct method for the request. |
| 500 | Internal server error. The error message is returned in the errorString property of the response. |

{
  "responseStatus": {
    "message": "Sample text"
  },
  "errorString": "Sample text",
  "exceptions": [
    {
      "number": 810017,
      "message": "Sample text"
    }
  ]
}

For security reasons, the detailed error message is not returned to the caller. More information can be retrieved from the application server log.

Authentication

One Identity Manager uses different authentication modules for logging into the REST API. Authentication modules identify the system users to be used and load the user interface and database resource editing permissions depending on their permission group memberships.

NOTE:

  • After initial schema installation, only the System user and Component Authenticator authentication modules and the role-based authentication modules are enabled in One Identity Manager.

  • Authentication modules are defined in the modules and are not available until One Identity Manager modules are installed.

  • To access the REST API from external applications, you can use the OAuth 2.0/OpenID Connect and OAuth 2.0/OpenID Connect (role-based) authentication modules. For more detailed information, see the One Identity Manager Authorization and Authentication Guide.

  • To access the REST API in the application server, users need the program function Enables access to the REST API in the application server (AppServer_API).

Initial data for authentication modules

The authentication string is formatted as follows:

Module=<name>;<property1>=<value1>;<property2>=<value2>,…

Example:

Module=DialogUser;User=<user name>;Password=<password>

The initial data is one part of the authentication string (the parameter-value pairs without the module ID). Initial data from the authentication string is pre-allocated by default for each authentication instance. Some authentication modules do not require any parameters other than the name of the authentication module.

For more information about authentication modules, see the One Identity Manager Authorization and Authentication Guide.

Identifying activated authentication modules

The list of supported or activated authentication modules can be retrieved using the URL <BaseURL>/appserver/authmodules.

Table 2: List authentication modules request

| HTTP method | URI | Body |
| --- | --- | --- |
| Get | <BaseURL>/appserver/authmodules | None |

Response schema:

{
  "id": String,
  "caption": String,
  "passwordBased": Boolean,
  "isDefault": Boolean
}

Example:

https://<Hostname>/AppServer/appserver/authmodules

Response:

[
  {
    "id": "RoleBasedManualADS",
    "caption": "Active Directory user account (manual input/role based)",
    "passwordBased": false,
    "isDefault": false
  },
  {
    "id": "RoleBasedADSAccount",
    "caption": "Active Directory user account (role based)",
    "passwordBased": false,
    "isDefault": false
  },
  {
    "id": "DialogUser",
    "caption": "System user",
    "passwordBased": false,
    "isDefault": true
  },
  {
    "id": "RoleBasedPerson",
    "caption": "Identity (role based)",
    "passwordBased": false,
    "isDefault": false
  },
  {
    "id": "OAuthRoleBased",
    "caption": "OAuth 2.0 (role based)",
    "passwordBased": false,
    "isDefault": false
  },
  {
    "id": "OAuth",
    "caption": "OAuth 2.0",
    "passwordBased": false,
    "isDefault": false
  },
  {
    "id": "ADSAccount",
    "caption": "Active Directory user account",
    "passwordBased": false,
    "isDefault": false
  },
  {
    "id": "DynamicPerson",
    "caption": "Identity (dynamic)",
    "passwordBased": false,
    "isDefault": false
  }
]
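The following Python code is an added example, not part of the One Identity documentation or product. It parses an authentication string in the format described above, masks the password before the string is written to a log, and checks the named module against an authmodules response. The function names, the sample user name and password, the rule that only `Password` is secret, and the assumption that values contain no `;` are all assumptions of this example.

```python
import json

# Constructed sample: a subset of the authmodules response shown above.
AUTHMODULES = json.loads("""[
  {"id": "DialogUser", "caption": "System user", "passwordBased": false, "isDefault": true},
  {"id": "OAuth", "caption": "OAuth 2.0", "passwordBased": false, "isDefault": false}
]""")

SECRET_KEYS = {"password"}  # assumption: properties to mask before logging


def parse_auth_string(auth):
    """Split 'Module=<name>;<property>=<value>;...' into (module, initial_data).

    Assumption: values contain no ';' (the page defines no escaping rules).
    """
    pairs = {}
    for part in filter(None, (p.strip() for p in auth.split(";"))):
        key, sep, value = part.partition("=")  # split on the first '=' only
        if not sep or not key or key in pairs:
            # Never echo the offending pair: it may hold the password.
            raise ValueError("malformed or duplicate pair in authentication string")
        pairs[key] = value
    module = pairs.pop("Module", None)
    if not module:
        raise ValueError("authentication string names no module")
    return module, pairs


def redact(auth):
    """Return the authentication string with secret values masked, for logs."""
    module, data = parse_auth_string(auth)
    shown = [f"{k}={'***' if k.lower() in SECRET_KEYS else v}" for k, v in data.items()]
    return ";".join([f"Module={module}"] + shown)


def check_module(auth, authmodules=AUTHMODULES):
    """Return the module ID if the server lists it as activated, else raise."""
    module, _ = parse_auth_string(auth)
    if module not in {m["id"] for m in authmodules}:
        raise LookupError(f"module {module!r} is not in the authmodules list")
    return module


if __name__ == "__main__":
    sample = "Module=DialogUser;User=svc_api;Password=constructed-secret"  # constructed
    print(check_module(sample), "->", redact(sample))
```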
