REST API 1.0 - CustomerID

Modification Operations

MOD001b Create Organization

Description

Create a new organization, suborganization or virtual organization.

Target Type

Collection

Request URL

Request URL defines the parent of the organization to be created.

Examples

  • https://HOSTNAME/eidm2/services/orgs/
  • https://HOSTNAME/eidm2/services/orgs/ORGANIZATION/
  • https://HOSTNAME/eidm2/services/orgs/ORGANIZATION/SUBORG/
  • https://HOSTNAME/eidm2/services/orgs/VIRTUALORG/SUBVORG/
  • https://HOSTNAME/eidm2/services/orgs/1234567-8/
  • https://HOSTNAME/eidm2/services/orgs/1234567-8/123456789/

Request Method

POST

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| virtual | Boolean | | | false | Defines whether the organization is virtual. |
| organizationId | String | | X | | Unique name of the organization to be created. |
| friendlyName | String | | X | | Human readable name of the organization. |
| organizationClass (or organizationType) | String from Configured Set | | | | Organization type defining the initial configuration of the created organization. Both the old parameter name (organizationClass) and the new parameter name (organizationType) are supported. |
| "custom attribute" | String | X | | | Organization's custom attribute and a value (multiple values are separated with commas). For example, vatnumber=12345 |

Curl Example

curl --insecure -X POST "https://localhost:7443/eidm2/services/orgs/?username=restuser&password=secret&organizationId=6666666-6&friendlyName=TestOrganization"

Response Document

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/org/example1/dep1</Id>
 </idlist>
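
The curl examples on this page pass the REST account's password, and in some operations a user password (pwd) or personal identity number (hetu, ssn), as URL query parameters, and query strings are routinely recorded in web server and proxy access logs. The following Python is an added example, not part of the CustomerID documentation: it finds such values in log lines so the affected credentials can be rotated, and redacts them. The log lines are constructed and their access-log layout is an assumption.

```python
import re

# Query parameters named on this page that carry credentials or identifiers.
SENSITIVE = ("password", "pwd", "hetu", "ssn")

# A sensitive pair is '?' or '&', the exact name, '=', then the value up to the
# next '&', whitespace or quote. 'pwd.activated=' does not match 'pwd='.
PAIR_RE = re.compile(
    r"(?P<lead>[?&])(?P<name>" + "|".join(SENSITIVE) + r")=(?P<value>[^&\s\"']*)",
    re.IGNORECASE,
)
ACCOUNT_RE = re.compile(r"[?&]username=([^&\s\"']*)", re.IGNORECASE)


def redact_line(line):
    """Return the log line with every sensitive value replaced by REDACTED."""
    return PAIR_RE.sub(lambda m: f"{m['lead']}{m['name']}=REDACTED", line)


def find_exposures(lines):
    """List the lines that carry a non-empty sensitive value, with the REST account used."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        names = sorted({m["name"].lower() for m in PAIR_RE.finditer(line) if m["value"]})
        if names:
            account = ACCOUNT_RE.search(line)
            findings.append({
                "line": lineno,
                "params": names,
                "account": account.group(1) if account else None,
            })
    return findings


# Constructed sample input (not real log data).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "POST /eidm2/services/users/6666666-6'
    '?username=restuser&password=secret&uid=leena&pwd=Password1 HTTP/1.1" 200 95',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "PUT /eidm2/services/user/6666666-6/user1/'
    '?username=restuser&password=secret&pwd.activated=true HTTP/1.1" 200 95',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /eidm2/services/user/'
    '?ssn=010100-123D&username=restuser&password=secret HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /favicon.ico HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for finding in find_exposures(SAMPLE_LOG):
        print(finding)
    for line in SAMPLE_LOG:
        print(redact_line(line))
```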

MOD002 Remove Organization

Description

Remove the specified organization.

Target Type

Entity

Request URL

Request URL defines the organization to be removed. Response document contains a list of removed entities (organizations, roles, and users).

Examples

  • https://HOSTNAME/eidm2/services/org/ORGANIZATION
  • https://HOSTNAME/eidm2/services/org/ORGANIZATION/SUBORG
  • https://HOSTNAME/eidm2/services/org/VIRTUALORG/SUBVORG
  • https://HOSTNAME/eidm2/services/org/1234567-8
  • https://HOSTNAME/eidm2/services/org/1234567-8/123456789

Request Method

DELETE

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| recursive | Boolean | | | false | Allow deleting organizations with sub-organizations. |

Curl Example

curl --insecure -X DELETE "https://localhost:7443/eidm2/services/org/6666666-6?username=restuser&password=secret&recursive=true"

Response Document

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/org/example1/dep1</Id>
  <Id>https://HOSTNAME/eidm2/services/role/example1/OrganizationMainUser</Id>
  <Id>https://HOSTNAME/eidm2/services/role/example1/OrganizationUser</Id>
  <Id>https://HOSTNAME/eidm2/services/user/example1/abcd-1234</Id>
  <Id>https://HOSTNAME/eidm2/services/user/example1/efgh-5678</Id>
 </idlist>

MOD003b Update Organization

Description

Update the organization data. Every attribute defined in the request is replaced: an empty value removes the attribute, and an attribute missing from the request keeps its existing value.

Target Type

Entity

Request URL

Request URL defines the organization to be updated.

Examples

  • https://HOSTNAME/eidm2/services/org/ORGANIZATION
  • https://HOSTNAME/eidm2/services/org/ORGANIZATION/SUBORG
  • https://HOSTNAME/eidm2/services/org/VIRTUALORG
  • https://HOSTNAME/eidm2/services/org/VIRTUALORG/SUBVORG

Request Method

PUT

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| friendlyName | String | | | | Human readable name of the organization. |
| organizationClass (or organizationType) | String from Configured Set | | | | Organization type defining the initial configuration of the created organization. Both the old parameter name (organizationClass) and the new parameter name (organizationType) are supported. |
| "custom attribute" | String | X | | | Organization's custom attribute and a value (multiple values are separated with commas). These attributes must have been defined in eidm2.properties (data.organization.fields or ui.admin.organizationinfo.fields.order). For example, organizationid=12345 |

Curl Example

curl --insecure -X PUT "https://localhost:7443/eidm2/services/org/6666666-6/?username=restuser&password=secret&friendlyName=TestOrganizationRENAME"

Response Document

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/org/example1/dep1</Id>
 </idlist>

MOD004b Update User

Description

Update the user information. By default, no new user is created if the user does not exist; this may be overridden with the parameter create. Every attribute defined in the request is replaced: an empty value removes the attribute, and an attribute missing from the request keeps its existing value. Setting an empty password disables the password method for the user.

Target Type

Entity

Request URL

Request URL defines the user to be updated.

Examples

  • https://HOSTNAME/eidm2/services/user/ORGANIZATION/USER
  • https://HOSTNAME/eidm2/services/user/ORGANIZATION/SUBORG/USER

Request Method

PUT

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| uid | String | | | | User login name. |
| email | String | | | | User email address. |
| firstname | String | | | | First name of the user. |
| surname | String | | | | Surname of the user. |
| mobile | String | | | | Mobile phone number. |
| locale | String | | | | Locale |
| hetu | String | | | | Social Security Number (henkilötunnus) |
| pwd | String | | | | New password. |
| otp.state (Deprecated) | String | | | | New OTP state. This parameter is deprecated. OTP related REST services will be provided by OTP Server. |
| pwd.activated | Boolean | | | | Defines whether the password authentication method is activated for the user. |
| sms.activated (Deprecated) | Boolean | | | | Defines whether the SMS OTP authentication method is activated for the user. This parameter is deprecated. SMS OTP related REST services will be provided by OTP Server. |
| otp.activated (Deprecated) | Boolean | | | | Defines whether the OTP authentication method is activated for the user. This parameter is deprecated. OTP related REST services will be provided by OTP Server. |
| create | Boolean | | | | Allow create |
| disable | Boolean | | | | Disable User |
| enable | Boolean | | | | Enable User |
| roles.remove | Boolean | | | | Remove roles |
| mandates.remove | Boolean | | | | Remove Mandates |
| "custom attribute" | String | X | | | User's custom attribute and a value (multiple values are separated with commas). These attributes must have been defined in eidm2.properties (data.user.fields, ui.selfservice.userinfo.fields.order, ui.admin.userinfo.fields.order or ui.admin.approvalinfo.fields.order). For example, age=45 |

Curl Example

curl --insecure -X PUT "https://localhost:7443/eidm2/services/user/6666666-6/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/?username=restuser&password=secret&mobile=%2B358401234567891"

Response Document

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id>
 </idlist>
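
Because an empty value removes an attribute and an empty pwd disables password login, a provisioning script that forwards blank form fields can silently strip data from a user. The following Python is an added example, not CustomerID code: it models the update rules stated in the MOD004b description so a request can be reviewed before the PUT is sent. The function name and plan layout are hypothetical, and treating only custom attributes as comma-separated is an assumption.

```python
# Parameters from the MOD004b table that are switches rather than attributes.
ACTION_FLAGS = ("create", "disable", "enable", "roles.remove", "mandates.remove")
# Standard attributes from the table, treated here as single-valued (assumption).
SINGLE_VALUED = ("uid", "email", "firstname", "surname", "mobile", "locale", "hetu")


def plan_user_update(current, params):
    """Classify each request parameter by the effect the MOD004b description gives it.

    current: attribute name -> list of values, as read with REQ002b Query User.
    params:  attribute name -> raw string value that would be sent in the URL.
    """
    plan = {"replace": {}, "remove": [], "noop": [], "actions": [], "warnings": []}
    for name, value in params.items():
        if name in ACTION_FLAGS:
            if value.lower() == "true":
                plan["actions"].append(name)
        elif name == "pwd":
            if value == "":
                plan["warnings"].append("empty pwd disables the password method")
            else:
                plan["actions"].append("set new password")  # value never echoed
        elif value == "":
            # Empty value removes the attribute (nothing to do if it is absent).
            plan["remove" if name in current else "noop"].append(name)
        else:
            if name in SINGLE_VALUED:
                new = [value]
            else:
                new = [v.strip() for v in value.split(",")]
            if current.get(name) == new:
                plan["noop"].append(name)
            else:
                plan["replace"][name] = new
    # Attributes missing from the request keep their existing value.
    plan["kept"] = sorted(set(current) - set(params))
    return plan


# Constructed sample data.
CURRENT_USER = {
    "email": ["john.doe@example.com"],
    "mobile": ["555-1234"],
    "firstname": ["John"],
    "custom1": ["Value", "Value2"],
}
REQUEST_PARAMS = {
    "mobile": "",
    "custom1": "Value,Value3",
    "pwd": "",
    "roles.remove": "true",
    "firstname": "John",
}

if __name__ == "__main__":
    for key, val in plan_user_update(CURRENT_USER, REQUEST_PARAMS).items():
        print(key, val)
```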

MOD005 Assign Role

Description

Assign a role for the user.

Target Type

Collection

Request URL

Request URL defines the role to be assigned for a user.

Examples

  • https://HOSTNAME/eidm2/services/assignments/ORGANIZATION/ROLE
  • https://HOSTNAME/eidm2/services/assignments/ORGANIZATION/SUBORG/ROLE
  • https://HOSTNAME/eidm2/services/assignments/VIRTUALORG/ROLE

Request Method

POST

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| user | Entity Name | | X | | User to whom the role is assigned. |

Curl Example

curl --insecure -X POST "https://localhost:7443/eidm2/services/assignments/6666666-6/TestRole/?username=restuser&password=secret&user=6666666-6/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

Response Document

 <idlist/>

MOD006 Deassign Role

Description

Deassign a role from the user.

Target Type

Collection

Request URL

Request URL defines the role to be deassigned from a user.

Examples

  • https://HOSTNAME/eidm2/services/assignments/ORGANIZATION/ROLE
  • https://HOSTNAME/eidm2/services/assignments/ORGANIZATION/SUBORG/ROLE
  • https://HOSTNAME/eidm2/services/assignments/VIRTUALORG/ROLE

Request Method

DELETE

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| user | Entity Name | | X | | User from whom the role is deassigned. |

Curl Example

curl --insecure -X DELETE "https://localhost:7443/eidm2/services/assignments/6666666-6/TestRole/?username=restuser&password=secret&user=6666666-6/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"

Response Document

 <idlist/>

MOD007 Create Role

Description

Create a role.

Target Type

Entity

Request URL

Request URL defines the role to be created.

Examples

  • https://HOSTNAME/eidm2/services/role/ORGANIZATION/ROLE
  • https://HOSTNAME/eidm2/services/role/ORGANIZATION/SUBORG/ROLE
  • https://HOSTNAME/eidm2/services/role/VIRTUALORG/SUBVORG/ROLE

Request Method

PUT

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| memberOf | String | | | | The created role will be a member of this role. |

Curl Example

curl --insecure -X PUT "https://localhost:7443/eidm2/services/role/6666666-6/TestRole?username=restuser&password=secret"

Response Document

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/role/testorg/testrole</Id>
 </idlist>

MOD008 Remove Role

Description

Remove a role from an organization or a virtual organization.

Target Type

Entity

Request URL

Request URL defines the role to be removed.

Examples

  • https://HOSTNAME/eidm2/services/role/ORGANIZATION/ROLE
  • https://HOSTNAME/eidm2/services/role/ORGANIZATION/SUBORG/ROLE
  • https://HOSTNAME/eidm2/services/role/VIRTUALORG/SUBVORG/ROLE

Request Method

DELETE

Request URL Parameters

No request-specific URL parameters.

Curl Example

curl --insecure -X DELETE "https://localhost:7443/eidm2/services/role/6666666-6/TestRole?username=restuser&password=secret"

Response Document

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/role/testorg/testrole</Id>
 </idlist>

MOD009 Create User

Description

Create a new user. Creates a random unique identifier for the user.

NOTE: Create users only in normal organizations, never in virtual ones. The system does not currently validate whether the target organization is virtual, and creating a user in a virtual organization produces an inconsistent state that must be resolved with direct database operations.


Target Type

Entity

Request URL

Request URL defines the organization under which the user will be created.

Examples

  • https://HOSTNAME/eidm2/services/users/ORGANIZATION/
  • https://HOSTNAME/eidm2/services/users/ORGANIZATION/SUBORG/

Request Method

POST

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| uid | String | | X | | User login name. |
| email | String | | X | | User email address. |
| firstname | String | | X | | First name of the user. |
| surname | String | | X | | Surname of the user. |
| mobile | String | | | | Mobile phone number. |
| hetu | String | | | | Social Security Number (henkilötunnus) |
| pwd | String | | | | Initialize the default password authentication method for the user with the specified password. If missing, the password method is not initialized for the user. |
| pwd.activated | Boolean | | | | Defines whether the password authentication method is activated for the user. |
| sms.activated (Deprecated) | Boolean | | | false | Defines whether the SMS OTP authentication method is activated for the user. This parameter is deprecated. SMS OTP related REST services will be provided by OTP Server. |
| otp.activated (Deprecated) | Boolean | | | false | Defines whether the OTP authentication method is activated for the user. This parameter is deprecated. OTP related REST services will be provided by OTP Server. |
| locale | String | | | | Locale definition. It is used when selecting the right language for email notifications. |
| "custom attribute" | String | X | | | User's custom attribute and a value (multiple values are separated with commas). These attributes must have been defined in eidm2.properties (data.user.fields, ui.selfservice.userinfo.fields.order, ui.admin.userinfo.fields.order or ui.admin.approvalinfo.fields.order). For example, age=45 |

Curl Example

curl --insecure -X POST "https://localhost:7443/eidm2/services/users/6666666-6?username=restuser&password=secret&uid=leena&firstname=Leena&surname=Laine&email=leena.laine@example.com&pwd=Password1&loginuserprincipalname=leena.laine"

Response Document

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id>
 </idlist>
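
The NOTE in the MOD009 description says the server does not check whether the target organization is virtual. One way to enforce that on the client before sending MOD009, as an added Python example (not CustomerID code): it reads the `<virtual>` element of a REQ004b Query Organization response, checks the mandatory parameters, and builds the request URL. The function names and sample documents are constructed for illustration; authentication parameters are left to the caller.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

MANDATORY = ("uid", "email", "firstname", "surname")  # per the MOD009 table


class RefusedRequest(ValueError):
    """Raised when a create-user request must not be sent."""


def is_virtual(org_xml):
    """Read <virtual> from a REQ004b Query Organization response document."""
    root = ET.fromstring(org_xml.strip())
    if root.tag != "organization":
        raise RefusedRequest("not an organization document")
    flag = root.findtext("virtual")
    if flag is None:
        raise RefusedRequest("no <virtual> element; refusing to guess")
    return flag.strip().lower() == "true"


def create_user_url(base, org_path, org_xml, attrs):
    """Return the MOD009 POST URL, or raise if the request would be unsafe."""
    if is_virtual(org_xml):
        raise RefusedRequest(f"{org_path} is a virtual organization")
    missing = [name for name in MANDATORY if not attrs.get(name)]
    if missing:
        raise RefusedRequest("missing mandatory parameters: " + ", ".join(missing))
    # Encode each path segment separately so the '/' between organization and
    # suborganization survives while anything else unusual is escaped.
    path = "/".join(quote(seg, safe="") for seg in org_path.strip("/").split("/"))
    return f"{base.rstrip('/')}/eidm2/services/users/{path}/?{urlencode(attrs)}"


def created_ids(response_xml):
    """Extract the entity URLs from an <idlist> response document."""
    root = ET.fromstring(response_xml.strip())
    if root.tag != "idlist":
        raise ValueError("not an idlist document")
    return [el.text.strip() for el in root.iter("Id")]


# Constructed sample documents, modelled on the response examples on this page.
NORMAL_ORG = """
<organization>
 <Id>https://HOSTNAME/eidm2/services/org/example1</Id>
 <virtual>false</virtual>
 <friendlyName>Example Inc.</friendlyName>
</organization>"""
VIRTUAL_ORG = NORMAL_ORG.replace("<virtual>false", "<virtual>true")
SAMPLE_RESPONSE = """
<idlist>
 <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id>
</idlist>"""
NEW_USER = {"uid": "leena", "email": "leena.laine@example.com",
            "firstname": "Leena", "surname": "Laine"}

if __name__ == "__main__":
    print(create_user_url("https://localhost:7443", "6666666-6", NORMAL_ORG, NEW_USER))
    print(created_ids(SAMPLE_RESPONSE))
```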

MOD010b Remove User

Description

Remove the specified user.

Target Type

Entity

Request URL

Request URL defines the user to be removed.

Examples

  • https://HOSTNAME/eidm2/services/user/ORGANIZATION/user1
  • https://HOSTNAME/eidm2/services/user/ORGANIZATION/SUBORG/user2

Request Method

DELETE

Request URL Parameters

No request-specific URL parameters.

Curl Example

curl --insecure -X DELETE "https://localhost:7443/eidm2/services/user/6666666-6/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/?username=restuser&password=secret"

Response Document

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id>
 </idlist>

MOD011 Initialization

Description

Initialize repository and/or database. Repository initialization creates required sites and authorization policies in LDAP. Database initialization removes and recreates existing database tables.
Initialization should be called only when first installing the system.

Target Type

Entity

Request URL

Request URL is static: https://HOSTNAME/eidm2/services/init/

Example

  • https://HOSTNAME/eidm2/services/init/

Request Method

POST

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| resetRepository | Boolean | | | false | Removes all organizations, users, and roles from the repository. |
| initializeDatabase | Boolean | | | false | Creates the missing mandatory repository structures and roles. Also, updates the repository to reflect the changed configuration. |
| synchronizeData | Boolean | | | false | Try to create those items into SQL database that are missing from it but present in LDAP. |
| initializeOrganizations | Boolean | | | false | Create roles to organizations based on organization type definitions. Only creates the missing roles but does not remove anything. |
| clearUniqueFields | Boolean | | | false | Clears unique field data from validators. |
| updateSamlApMetadata | Boolean | | | false | Write SAML AP metadata generated based on the identity file to SSO authentication method configuration. |
| refreshRoleHierarchyRules | Boolean | | | false | Updates roles' memberships with other roles to comply with the current Role Hierarchy Rules. Should be run if Role Hierarchy Rules are changed. |

Curl Example

curl --insecure -X POST "https://localhost:7443/eidm2/services/init/?username=restuser&password=secret&resetRepository=true&initializeDatabase=true"

Response Document

 <idlist/>

MOD013 Update Users

Description

Update all users in given organization.

Target Type

Entity

Request URL

Request URL defines the organization whose users are to be updated.

Examples

  • https://HOSTNAME/eidm2/services/users/ORGANIZATION
  • https://HOSTNAME/eidm2/services/users/ORGANIZATION/SUBORG

Request Method

PUT

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| disableUsers | Boolean | | | | Disables all users in organization. |
| enableUsers | Boolean | | | | Enables all users in organization. |
| deleteUsers | Boolean | | | | Removes all users in organization. |
| removeRoles | Boolean | | | | Removes all roles and mandate delegations from all users in organization. |
| removeMandates | Boolean | | | | Removes mandates these users have assigned to other users, mandate delegations received and direct mandate receivals. |

Curl Example

curl --insecure -X PUT "https://localhost:7443/eidm2/services/users/6666666-6/?username=restuser&password=secret&disableUsers=true"

Response Document

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id>
  <Id>https://HOSTNAME/eidm2/services/user/example1/user2</Id>
  <Id>https://HOSTNAME/eidm2/services/user/example1/user3</Id>
 </idlist>

Request Operations

REQ001b List Users

Description

List users in the organization.

Target Type

Collection

Request URL

Request URL defines the organization whose users are to be listed.

Examples

  • https://HOSTNAME/eidm2/services/users/
  • https://HOSTNAME/eidm2/services/users/ORGANIZATION/
  • https://HOSTNAME/eidm2/services/users/ORGANIZATION/SUBORG/

Request Method

GET

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| entities | Boolean | | | false | Return list of entities instead of id list. |
| recursive | Boolean | | | false | Include users from the suborganizations. |
| email | String | | | | Include only users with matching email address. Wildcard '*' is allowed. |
| mobile | String | | | | Include only users with matching mobile phone number. Wildcard '*' is allowed. |
| maxResults | Integer | | | No Limit | Limit the maximum number of results. Exceeding the limit results in request error with error code 12. |
| assignments | Boolean | | | false | Include role assignments. Effective only if entities is true. |
| authInfo | Boolean | | | false | Include authentication credentials. Used for backup or provisioning. Effective only if entities is true. |

Curl Example

curl --insecure -X GET "https://localhost:7443/eidm2/services/users/?username=restuser&password=secret&recursive=true"

Response Document

List of Identifiers

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id>
  <Id>https://HOSTNAME/eidm2/services/user/example1/user2</Id>
  <Id>https://HOSTNAME/eidm2/services/user/example1/dep1/user3</Id>
 </idlist>

List of Entities

 <entitylist>
  <user>...</user>
  <user>...</user>
  <user>...</user>
 </entitylist>

REQ002b Query User

Description

Query information about the specified user.

Target Type

Entity

Request URL

Request URL defines the queried user. Supported queries are:

  • query user with unique id
  • query user with ssn
  • query user with login
  • query user with email

The query is based on only one key-value pair, with the following priority: unique id, ssn, login, email, url.
For example, the following query would query users by SSN only.

  • https://HOSTNAME/eidm2/services/user/?ssn=010100-123&email=user@test.com

If none of these query parameters is defined, the request URL path defines the queried user.

Examples

  • https://HOSTNAME/eidm2/services/user/?uniqueId=kwn06cvp-1123-dd29-0e1s-b4ia666f9l3j
  • https://HOSTNAME/eidm2/services/user/?ssn=010100-123D
  • https://HOSTNAME/eidm2/services/user/?login=user1
  • https://HOSTNAME/eidm2/services/user/?email=user@test.com
  • https://HOSTNAME/eidm2/services/user/ORGANIZATION/USERRELATIVENAME
  • https://HOSTNAME/eidm2/services/user/ORGANIZATION/SUBORG/USERRELATIVENAME
  • https://HOSTNAME/eidm2/services/user/USER_ENTITY_NAME

Request Method

GET

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| assignments | Boolean | | | true | Retrieve role assignments. |
| groups | Boolean | | | true | Retrieve group assignments. |
| authInfo | Boolean | | | false | Include authentication credentials. Used for backup or provisioning. |

Curl Example

curl --insecure -X GET "https://localhost:7443/eidm2/services/user/6666666-6/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX?username=restuser&password=secret"

Response Document

 <user>
  <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id>
  <organization>https://HOSTNAME/eidm2/services/org/example1</organization>
  <organizationFriendlyName>Example Inc.</organizationFriendlyName>
  <status>Enabled</status>
  <attributes>
   <uid>john.doe</uid>
   <firstname>John</firstname>
   <surname>Doe</surname>
   <email>john.doe@example.com</email>
   <mobile>555-1234</mobile>
   <hetu>123456-7890</hetu>
   <cn>John Doe</cn>
   <organization>example1</organization>
   <customattribute name="custom1">
    <value>Value</value>
    <value>Value2</value>
   </customattribute>
  </attributes>
  <roleassignments>
   <roleassignment>
    <role>
     <Id>https://HOSTNAME/eidm2/services/role/example1/testrole</Id>
    </role>
   </roleassignment>
  </roleassignments>
  <groupassignments>
   <groupassignment>
    <group>
     <Id>eIDMUser</Id>
    </group>
   </groupassignment>
  </groupassignments>
 </user>


Supported values

  • Status: Enabled, Disabled and Pending.
  • Attributes: Includes all of the user's attributes (including custom attributes). The number of fields may vary between configurations and users.

REQ003b List Organizations

Description

List organizations.

Target Type

Collection

Request URL

Request URL defines the organization under which the organizations to be listed reside.

Examples

  • https://HOSTNAME/eidm2/services/orgs/
  • https://HOSTNAME/eidm2/services/orgs/ORGANIZATION/
  • https://HOSTNAME/eidm2/services/orgs/ORGANIZATION/SUBORG/
  • https://HOSTNAME/eidm2/services/orgs/VORG/

Request Method

GET

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| entities | Boolean | | | false | Return list of entities instead of id list. |
| recursive | Boolean | | | false | Include organizations from the suborganizations. |
| internal | Boolean | | | false | Include CustomerID internal organizations. |
| roles | Boolean | | | false | List roles available in the organization. |
| assignments | Boolean | | | false | Discover users in roles. Effective only if roles is true. |
| assignmentEntities | Boolean | | | false | Return user-elements instead of userid-list. Effective only if assignments is true. |
| applicationCount | Boolean | | | false | Show pending user application count for organizations (and possibly its suborganizations). Effective only if entities is true. |
| recursiveApplicationCount | Boolean | | | false | Whether to include applications in suborganizations in the count (see applicationCount above). Effective only if applicationCount is true. |
| friendlyName | String | | | | Include only organizations with friendly name matching the specified filter. Wildcard '*' is allowed in filter string. |
| organizationClass | String from Configured Set | | | | Include only organizations of the specified organization class. Wildcards are not allowed. |
| maxResults | Integer | | | No Limit | Limit the maximum number of results. Exceeding the limit results in request error with error code 12. |
| exportMode | Boolean | | | false | Include all information required for backups and provisioning. Effective only if entities is true. |

Curl Example

curl --insecure -X GET "https://localhost:7443/eidm2/services/orgs/?username=restuser&password=secret&entities=true"

Response Document

List of Identifiers

 <idlist>
  <Id>https://HOSTNAME/eidm2/services/org/example1</Id>
  <Id>https://HOSTNAME/eidm2/services/org/example1/dep1</Id>
  <Id>https://HOSTNAME/eidm2/services/org/example1/dep2</Id>
 </idlist>

List of Entities

 <entitylist>
  <organization>...</organization>
  <organization>...</organization>
  <organization>...</organization>
 </entitylist>

REQ004b Query Organization

Description

Query information about the specified organization.

Target Type

Entity

Request URL

Request URL defines the queried organization.

Examples

  • https://HOSTNAME/eidm2/services/org/ORGANIZATION
  • https://HOSTNAME/eidm2/services/org/ORGANIZATION/SUBORG
  • https://HOSTNAME/eidm2/services/org/VIRTUALORG/SUBVORG

Request Method

GET

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| roles | Boolean | | | false | Resolve roles available in the organization. |
| assignments | Boolean | | | false | Discover users in roles. Effective only if roles is true. |
| assignmentEntities | Boolean | | | false | Return user-elements instead of userid-list. Effective only if assignments is true. |
| applicationCount | Boolean | | | false | Return pending user application count for organization (and possibly its suborganizations). |
| recursiveApplicationCount | Boolean | | | false | Whether to include applications in suborganizations in the count (see applicationCount above). |
| pendingOrganizations | Boolean | | | false | Returns data of new suborganizations (count, oldest, newest, url for processing) under the current organization, i.e. organizations where no user has yet been approved. |
| exportMode | Boolean | | | false | Include all information required for backups and provisioning. |

Curl Example

curl --insecure -X GET "https://localhost:7443/eidm2/services/org/6666666-6/?username=restuser&password=secret"

Response Document

Non-virtual Organization

 <organization>
  <Id>https://HOSTNAME/eidm2/services/org/example1</Id>
  <virtual>false</virtual>
  <friendlyName>Example Inc.</friendlyName>
  <organizationClass>class1</organizationClass>
  <customattribute name="custom1">
   <value>Value</value>
   <value>Value2</value>
  </customattribute>
  <roles>
   <role>
    <Id>https://HOSTNAME/eidm2/services/org/example1/OrganizationMainUser</Id>
   </role>
  </roles>
  <applicationCount>0</applicationCount>
  <pendingOrganizations>
   <count>2</count>
   <newest>11.11.2011</newest>
   <oldest>10.10.2010</oldest>
   <url>https://HOSTNAME/eidm2/wf/admin/organization/approval/example1</url>
  </pendingOrganizations>
 </organization>

Virtual Organization

 <organization>
  <Id>https://HOSTNAME/eidm2/services/org/virtual1</Id>
  <virtual>true</virtual>
  <friendlyName>Example Project</friendlyName>
  <customattribute name="custom1">
   <value>Value</value>
   <value>Value2</value>
  </customattribute>
  <roles>
   <role>
    <Id>https://HOSTNAME/eidm2/services/role/virtual1/OrganizationMainUser</Id>
   </role>
   <role>
    <Id>https://HOSTNAME/eidm2/services/role/virtual1/OrganizationUser</Id>
   </role>
  </roles>
 </organization> 

Supported values

  • Organization: Includes user's all attributes (including custom attributes). Number of fields may vary between configurations and users.

REQ005b Query Role

Description

Query information about the specified role.

Target Type

Entity

Request URL

Request URL defines the queried role.

Examples

  • https://HOSTNAME/eidm2/services/role/ORGANIZATION/ROLE
  • https://HOSTNAME/eidm2/services/role/ORGANIZATION/SUBORG/ROLE
  • https://HOSTNAME/eidm2/services/role/VIRTUALORG/SUBVORG/ROLE

Request Method

GET

Request URL Parameters

| Name | Accepted Values | Multivalued | Mandatory | Default | Description |
|---|---|---|---|---|---|
| assignments | Boolean | | | false | Discover users in the role. Hierarchical role membership also counts: user A who is a member of role A, which in turn is a member of role B, is returned when querying role B. |
| assignmentEntities | Boolean | | | false | Return user-elements instead of userid-list. Effective only if assignments is true. |

Curl Example

curl --insecure -X GET "https://localhost:7443/eidm2/services/role/6666666-6/TestRole/?username=restuser&password=secret&assignments=true"

Response Document

 <role>
  <Id>https://HOSTNAME/eidm2/services/role/example1/testrole</Id>
  <roleassignments>
   <roleassignment>
    <userid>https://HOSTNAME/eidm2/services/user/example1/user1</userid>
   </roleassignment>
   <roleassignment>
    <userid>https://HOSTNAME/eidm2/services/user/example1/user2</userid>
   </roleassignment>
  </roleassignments>
 </role>