Configuring impersonation with Management API - SSO

In the client credentials grant authorized access use case, a client application impersonates a user who has authorized access to one or more (1-to-n) server applications. See also https://ubisecuredev.atlassian.net/wiki/spaces/IDS20232/pages/9138405377.

Impersonation is configured as a specific link between the application and the user.

NOTE: if the user that an application impersonates is deleted from the system, the impersonation link is removed with it. A new user must be linked to the application before the client credentials grant authorized access use case works again.

About SSO Management API in general, see https://ubisecuredev.atlassian.net/wiki/spaces/IDS20232/pages/9084604263.

Manage impersonation from application side

Link name: impersonateAs

An application may have one impersonateAs link to one user.

Method: GET
Example request:
    GET /application/Example/client1/$link/impersonateAs
Example response (when there is a link to Example/user1):
    {
      "type": "application",
      "id": "/application/Example/client1",
      "objects": [
        { "type": "user", "id": "/user/Example/user1", "link": "impersonateAs" }
      ]
    }
Description: Get the user linked to the given application with an impersonateAs link.

Method: PUT
Example request:
    PUT /application/Example/client1/$link/impersonateAs/user/Example/user1
Example response:
    {
      "type": "application",
      "id": "/application/Example/client1",
      "objects": [
        { "type": "user", "id": "/user/Example/user1", "link": "impersonateAs" }
      ]
    }
Description: Create or update the link from the application to the user. No action is taken if the link between the given application and user already exists. If another user name is given, the existing impersonateAs link to the previous user is replaced with a link to the given user.

Method: DELETE
Example request:
    DELETE /application/Example/client1/$link/impersonateAs/user/Example/user1
Example response:
    { "type": "application", "id": "/application/Example/client1" }
Description: Remove the link from the application to the user.

Manage impersonation from user side

Link name: impersonatedBy

The same user may have impersonatedBy links to several applications.

Method: GET
Example request:
    GET /user/Example/user1/$link/impersonatedBy
Example response: when there is a link to both Example/client1 and Example/client2, both applications are returned.
Description: Get the applications linked to the given user with an impersonatedBy link.

Method: PUT
Example request:
    PUT /user/Example/user1/$link/impersonatedBy/application/Example/client1
Description: Create or update the link from the user to an application. No action is taken if a link between the given user and application already exists. If another application name is given, the existing impersonatedBy link to the previous application is kept and a new link to the given application is added.

Method: DELETE
Example request:
    DELETE /user/Example/user1/$link/impersonatedBy/application/Example/client1
Description: Remove the link from the user to the application.
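The following is an added example, not Ubisecure's own code: it builds the impersonateAs link requests described above, reads the linked user out of a GET response, and audits a set of applications against an expected application-to-user mapping so that a link that vanished because the user was deleted (see the NOTE above) or an unexpected impersonation is reported. The response documents are constructed from the examples on this page; the audit function and its mapping format are this example's own assumptions.

```python
from __future__ import annotations
import json
from typing import Optional

# Constructed from the example responses on this page.
LINKED = json.loads('''{ "type": "application", "id": "/application/Example/client1",
  "objects": [ { "type": "user", "id": "/user/Example/user1", "link": "impersonateAs" } ] }''')
UNLINKED = json.loads('{ "type": "application", "id": "/application/Example/client1" }')


def link_request(app_id: str, user_id: str, method: str = "PUT") -> tuple[str, str]:
    """Build the request that creates/updates (PUT) or removes (DELETE) the
    impersonateAs link. Ids are API resource ids, e.g. "/application/Example/client1"."""
    if method not in ("PUT", "DELETE"):
        raise ValueError("impersonateAs link supports PUT and DELETE only")
    return method, f"{app_id}/$link/impersonateAs{user_id}"


def impersonated_user(response: dict) -> Optional[str]:
    """Return the user id an application impersonates, or None when the
    application has no impersonateAs link (for example after the user was deleted)."""
    for obj in response.get("objects", []):
        if obj.get("link") == "impersonateAs" and obj.get("type") == "user":
            return obj["id"]
    return None


def audit(responses: list[dict], expected: dict[str, str]) -> list[str]:
    """Compare GET .../$link/impersonateAs responses against an expected
    application -> user mapping (hypothetical inventory) and list every deviation."""
    findings = []
    for resp in responses:
        app = resp["id"]
        actual = impersonated_user(resp)
        want = expected.get(app)
        if actual is None and want is not None:
            findings.append(f"{app}: impersonateAs link missing (expected {want}); relink needed")
        elif actual is not None and want is None:
            findings.append(f"{app}: unexpected impersonateAs link to {actual}")
        elif actual != want:
            findings.append(f"{app}: impersonates {actual}, expected {want}")
    return findings


if __name__ == "__main__":
    print(link_request("/application/Example/client1", "/user/Example/user1"))
    print(audit([LINKED, UNLINKED], {"/application/Example/client1": "/user/Example/user1"}))
```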
