Introduction
SSO Management API is a REST API for managing SSO Server. With Management API it is possible to automate management tasks that previously were only possible with the web browser based Management Console.
Access to API
To operate REST API an OAuth2 access token is needed. To get the access token an OAuth2 Resource Server configured as Ubisecure agent needs to be activated and configured in the Ubisecure SSO server.
...
For more information about Ubisecure SSO, please refer to the following pages and topics:
- Release notes - SSO Release Notes
- OAuth API
- SSO Management
- Installation - SSO Installation
- SSO Installation: Appendixes for authentication methods
- Authentication Providers
- SSO External Directory Integration
- SSO Management API Configuration
This guide describes how to configure Ubisecure SSO to use external user directories (Active Directory, LDAP or SQL) and perform access control based on group membership in these directories. Please refer to the individual guides.
- SSO Active Directory Integrationintegration
- Basic LDAP Integration
- SSO Schema Enhanced enhanced LDAP Integrationintegration
- SQL Integration
- SSO Login UI Customizationcustomization - SSO
Scope of the API
Ubisecure SSO REST API can be used to create:
...
DELETE /user/Example/user1
Mappings
Please read page Mappings - Management UI - Mappings.
Three kind of mappings:
- Type outbound user mapping
- nameIDFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- Type persistent ID mapping
- nameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- Type transient ID mapping
- nameIDFormat = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
Policy function is defined with nameIDFormat attribute when policy is created.
Note |
---|
NOTE: Policy function can not be changed after creation. |
...
PUT /outboundMappingPolicy/Example/userMappingPolicy1
nameIDFormat=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Add user mapping
POST
/
outboundMappingPolicyoutboundMappingPolicy/Example/userMappingPolicy1/$link/user/Example/user1
username=m
appedmapped-username
Enable outbound mapping policy for application
PUT
/application/Example/webapp1/$link/outboundMappingPolicy/Example/userMappingPolicy1
Create persistent ID policy
PUT
/outboundMappingPolicy/Example/persistentIDPolicy1nameIDFormat=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
Note! At most one outbound mapping policy is allowed per application
Refresh token policy
Create refresh token policy
PUT
/refreshTokenPolicy/Example/refreshTokenPolicy1
Enable refresh token policy for application
PUT
/application/Example/webapp1/$link/refreshTokenPolicy/Example/refreshTokenPolicy1
...