Introduction

The SSO Management API is a REST API for managing SSO Server. With the Management API it is possible to automate management tasks that previously were only possible with the web-browser-based Management Console.

Access to API

An OAuth2 access token is needed to use the REST API. To get the access token, an OAuth2 Resource Server configured as a Ubisecure agent needs to be activated and configured in the Ubisecure SSO server.

...

Authorization: Bearer {YOUR_SECURE_TOKEN}

Please check the OAuth 2.0 API - SSO page for more information about the OAuth API.
Please check the SSO Management API Configuration Guide for information on how to configure and start using the SSO API.

...

  • Sites
  • Applications
    • Update application metadata
  • Groups
  • Authentication Policies
    • PolicyItem
  • Links between objects
  • Users
  • Mappings
  • Keys - see 8907526072 for API calls and SSO key rotation for further details

URI format

...

To get more information on how the attributes and linkings are connected, there are three sub-pages explaining them in more detail.

You can also see an overview of the schema in our example site: https://manage.example.ubidemo.com/sso-api-sample/schema/models

...

DELETE /user/Example/user1

Impersonate user by an application, see Configuring impersonation with Management API - SSO


Mappings

Please read the page Management UI Mappings - SSO.

There are three kinds of mappings:

  • Type outbound user mapping
    • nameIDFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified 
  • Type persistent ID mapping
    • nameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:persistent 
  • Type transient ID mapping
    • nameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:transient 

The policy function is defined by the nameIDFormat attribute when the policy is created.


NOTE: The policy function cannot be changed after creation.

...

PUT /outboundMappingPolicy/Example/persistentIDPolicy1
nameIDFormat=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

Note! At most one outbound mapping policy is allowed per application.
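Because the policy function cannot be changed after creation, it is worth validating a create call before it is sent. The following is an added example, not code from Ubisecure or this page: it builds (without sending) the PUT shown above with the Bearer header from the Access to API section. The host `sso.example.com/sso-api`, the token value, the function name and the form-encoded body are assumptions.

```python
import urllib.parse
import urllib.request

# The three nameIDFormat values listed on this page, keyed by mapping type.
NAME_ID_FORMATS = {
    "outbound": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "persistent": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "transient": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
}


def build_mapping_policy_request(base_url, token, policy_path, mapping_type):
    """Return an unsent PUT request that creates an outbound mapping policy."""
    # A bearer token is a replayable credential: refuse cleartext transport.
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("base_url must use https")
    # Whitespace or CR/LF in the token would corrupt or inject header lines.
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("token is empty or contains whitespace")
    # The policy function is fixed at creation, so reject unknown types now.
    if mapping_type not in NAME_ID_FORMATS:
        raise ValueError(f"unknown mapping type: {mapping_type!r}")
    segments = policy_path.strip("/").split("/")
    if any(seg in ("", ".", "..") for seg in segments):
        raise ValueError("policy_path has an empty or dot segment")
    # Percent-encode each segment so a name cannot change the target path.
    path = "/".join(urllib.parse.quote(seg, safe="") for seg in segments)
    # Assumption: the attribute line under the PUT is a form-encoded body.
    body = urllib.parse.urlencode(
        {"nameIDFormat": NAME_ID_FORMATS[mapping_type]}, safe=":"
    )
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/outboundMappingPolicy/{path}",
        data=body.encode("ascii"),
        method="PUT",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


if __name__ == "__main__":
    # Constructed values: placeholder host and token, path from the page.
    req = build_mapping_policy_request(
        "https://sso.example.com/sso-api", "constructed-token",
        "Example/persistentIDPolicy1", "persistent",
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```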

Refresh token policy 

Create refresh token policy

...

    • Authorization policy

      GET /application/{path to application}/$link/policy
      List authorization policies linked to application 

      PUT /application/{path to application}/$link/policy/{path to policy}
      Link authorization policy to application 

      DELETE /application/{path to application}/$link/policy/{path to policy}
      Remove a link to authorization policy

    • Impersonate application as user, see Configuring impersonation with Management API - SSO


Group

  • AccessTo
    • To set, get or remove group's access to applications

...