In the client credentials grant authorized access use case, a client application impersonates a user that has authorized access to 1-to-n server applications. See also Client Credentials Grant - SSO.

Impersonation is configured as a specific link between the application and the user.

NOTE that if an application impersonates a user which is deleted from the system, the link will also be removed. A new user must be linked to the application to make the client credentials grant authorized access use case functional again.

About SSO Management API in general, see Management API - SSO.

Manage impersonation from application side

Link name: impersonateAs

An application may have one impersonateAs link to one user.

Method

Example request

Example response

Description

GET

GET /application/Example/client1/$link/impersonateAs

When there is a link to Example/user1:

{
  "type": "application",
  "id": "/application/Example/client1",
  "objects": [
    {
      "type": "user",
      "id": "/user/Example/user1",
      "link": "impersonateAs"
    }
  ]
}

Get the user linked to the given application with an impersonateAs link

PUT

PUT /application/Example/client1/$link/impersonateAs/user/Example/user1

{
  "type": "application",
  "id": "/application/Example/client1",
  "objects": [
    {
      "type": "user",
      "id": "/user/Example/user1",
      "link": "impersonateAs"
    }
  ]
}

Create or update the link from the application to the user. No action is taken if the link between the given application and user already exists. If another user name is given, an existing impersonateAs link to a previous user will be replaced with a link to the given user.

DELETE

DELETE /application/Example/client1/$link/impersonateAs/user/Example/user1

{
  "type": "application",
  "id": "/application/Example/client1"
}

Remove the link from the application to the user.

Manage impersonation from user side

Link name: impersonatedBy

The same user may have impersonatedBy links to several applications.

Method

Example request

Example response

Description

GET

GET /user/Example/user1/$link/impersonatedBy

When there is a link to both Example/client1 and Example/client2:

{
  "type": "user",
  "id": "/user/Example/user1",
  "objects": [
    {
      "type": "application",
      "id": "/application/Example/client1",
      "link": "impersonatedBy"
    },
    {
      "type": "application",
      "id": "/application/Example/client2",
      "link": "impersonatedBy"
    }
  ]
}

Get the applications linked to the given user with an impersonatedBy link

PUT

PUT /user/Example/user1/$link/impersonatedBy/application/Example/client1

{
  "type": "user",
  "id": "/user/Example/user1",
  "objects": [
    {
      "type": "application",
      "id": "/application/Example/client1",
      "link": "impersonatedBy"
    }
  ]
}

Create or update the link from the user to an application. No action is taken if a link between the given user and application already exists. If another application name is given, an existing impersonatedBy link to a previous application will be supplemented with a new link to the given application.

DELETE

DELETE /user/Example/user1/$link/impersonatedBy/application/Example/client1

{
  "type": "user",
  "id": "/user/Example/user1"
}

Remove the link from user to the application.
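
An added example (not part of the original documentation or the product's own code): a small Python review of impersonation links, working on responses in the format shown above. It flags applications without an impersonated user, where the client credentials grant authorized access use case will not work, and users impersonated by several applications. The function names, the finding labels, the sample responses and the reading of a response without "objects" as "no link" are assumptions made for this example.

```python
def link_path(object_id, link, target_id=None):
    """Build a link request path, e.g.
    /application/Example/client1/$link/impersonateAs/user/Example/user1"""
    path = f"{object_id}/$link/{link}"
    return path + target_id if target_id else path


def linked_ids(response, link):
    """Return ids of the objects in a link response carrying the given link name.
    Assumption: a response without "objects" means that no link exists."""
    return [o["id"] for o in response.get("objects", []) if o.get("link") == link]


def review(app_responses, user_responses):
    """Review impersonateAs (application side) and impersonatedBy (user side) responses."""
    findings = []
    for app in app_responses:
        users = linked_ids(app, "impersonateAs")
        if not users:
            # No linked user, for example after the impersonated user was deleted.
            findings.append(("no-impersonated-user", app["id"], []))
        elif len(users) > 1:
            # An application may have one impersonateAs link to one user.
            findings.append(("multiple-impersonateAs", app["id"], sorted(users)))
    for user in user_responses:
        apps = linked_ids(user, "impersonatedBy")
        if len(apps) > 1:
            # Allowed by the API, but worth a least-privilege review.
            findings.append(("user-shared-by-applications", user["id"], sorted(apps)))
    return findings


# Constructed sample responses in the format shown above (not real data).
APP_RESPONSES = [
    {"type": "application", "id": "/application/Example/client1",
     "objects": [{"type": "user", "id": "/user/Example/user1", "link": "impersonateAs"}]},
    {"type": "application", "id": "/application/Example/client3"},  # no link
]
USER_RESPONSES = [
    {"type": "user", "id": "/user/Example/user1", "objects": [
        {"type": "application", "id": "/application/Example/client1", "link": "impersonatedBy"},
        {"type": "application", "id": "/application/Example/client2", "link": "impersonatedBy"}]},
]

if __name__ == "__main__":
    for finding in review(APP_RESPONSES, USER_RESPONSES):
        print(finding)
```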

...