Modification Operations
MOD001b Create Organization
Description
Create a new organization, suborganization or virtual organization.
Target Type
Collection
Request URL
Request URL defines the parent of the organization to be created.
Examples
- https://HOSTNAME/eidm2/services/orgs/
- https://HOSTNAME/eidm2/services/orgs/ORGANIZATION/
- https://HOSTNAME/eidm2/services/orgs/ORGANIZATION/SUBORG/
- https://HOSTNAME/eidm2/services/orgs/VIRTUALORG/SUBVORG/
- https://HOSTNAME/eidm2/services/orgs/1234567-8/
- https://HOSTNAME/eidm2/services/orgs/1234567-8/123456789/
Request Method
POST
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
virtual | Boolean |
|
| false | Defines whether the organization is virtual. |
organizationId | String |
| X |
| Unique name of the organization to be created. |
friendlyName | String |
| X |
| Human readable name of the organization. |
organizationClass (or organizationType) | String from Configured Set |
|
|
| Organization type defining the initial configuration of the created organization. We support both the old parameter name (organizationClass) and the new parameter name (organizationType). |
"custom attribute" | String | X |
|
| Organization's custom attribute and a value (multiple values are separated with comma). For example, vatnumber=12345 |
Curl Example
curl --insecure -X POST -u restuser:secret "https://localhost:7443/eidm2/services/orgs/?organizationId=6666666-6&friendlyName=TestOrganization"
Response Document
<idlist> <Id>https://HOSTNAME/eidm2/services/org/example1/dep1</Id> </idlist>
MOD002 Remove Organization
Description
Remove the specified organization.
Target Type
Entity
Request URL
Request URL defines the organization to be removed. Response document contains a list of removed entities (organizations, roles, and users).
Examples
- https://HOSTNAME/eidm2/services/org/ORGANIZATION
- https://HOSTNAME/eidm2/services/org/ORGANIZATION/SUBORG
- https://HOSTNAME/eidm2/services/org/VIRTUALORG/SUBVORG
- https://HOSTNAME/eidm2/services/org/1234567-8
- https://HOSTNAME/eidm2/services/org/1234567-8/123456789
Request Method
DELETE
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
recursive | Boolean |
|
| false | Allow deleting organizations with sub-organizations. |
Curl Example
curl --insecure -X DELETE -u restuser:secret "https://localhost:7443/eidm2/services/org/6666666-6?recursive=true"
Response Document
<idlist> <Id>https://HOSTNAME/eidm2/services/org/example1/dep1</Id> <Id>https://HOSTNAME/eidm2/services/role/example1/OrganizationMainUser</Id> <Id>https://HOSTNAME/eidm2/services/role/example1/OrganizationUser</Id> <Id>https://HOSTNAME/eidm2/services/user/example1/abcd-1234</Id> <Id>https://HOSTNAME/eidm2/services/user/example1/efgh-5678</Id> </idlist>
MOD003b Update Organization
Description
Update the organization data. Replaces all the defined attributes, empty value removes the attribute, and missing attribute does not change the existing value.
Target Type
Entity
Request URL
Request URL defines the organization to be updated.
Examples
- https://HOSTNAME/eidm2/services/org/ORGANIZATION
- https://HOSTNAME/eidm2/services/org/ORGANIZATION/SUBORG
- https://HOSTNAME/eidm2/services/org/VIRTUALORG
- https://HOSTNAME/eidm2/services/org/VIRTUALORG/SUBVORG
Request Method
PUT
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
friendlyName | String |
|
|
| Human readable name of the organization. |
organizationClass (or organizationType) | String from Configured Set |
|
|
| Organization type defining the initial configuration of the created organization. We support both the old parameter name (organizationClass) and the new parameter name (organizationType). |
"custom attribute" | String | X |
|
| Organization's custom attribute and a value (multiple values are separated with comma). These attributes must have been defined in eidm2.properties (data.organization.fields or ui.admin.organizationinfo.fields.order) For example, organizationid=12345 |
Curl Example
curl --insecure -X PUT -u restuser:secret "https://localhost:7443/eidm2/services/org/6666666-6/?friendlyName=TestOrganizationRENAME"
Response Document
<idlist> <Id>https://HOSTNAME/eidm2/services/org/example1/dep1</Id> </idlist>
MOD004b Update User
Description
Update the user information. By default, does not create a new user if the user does not exist. This may be overridden with parameter create. Replaces all the defined attributes, empty value removes the attribute, and missing attribute does not change the existing value. Setting an empty password disables the password method for the user.
Target Type
Entity
Request URL
Request URL defines the user to be updated.
Examples
- https://HOSTNAME/eidm2/services/user/ORGANIZATION/USER
- https://HOSTNAME/eidm2/services/user/ORGANIZATION/SUBORG/USER
Request Method
PUT
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
uid | String |
|
|
| User login name. |
String |
|
|
| User email address. | |
firstname | String |
|
|
| First name of the user. |
surname | String |
|
|
| Surname of the user. |
mobile | String |
|
|
| Mobile phone number. |
locale | String | Locale | |||
hetu | String |
|
|
| Social Security Number (henkilötunnus) |
pwd | String |
|
|
| New password. |
otp.state (Deprecated) | String |
|
|
| New OTP state. This parameter is deprecated. OTP related REST services will be provided by OTP Server. |
pwd.activated | Boolean |
|
|
| Defines if the password authentication method is actived for the user or not. |
sms.activated (Deprecated) | Boolean |
|
|
| Defines if the SMS OTP authentication method is actived for the user or not. This parameter is deprecated. SMS OTP related REST services will be provided by OTP Server. |
otp.activated (Deprecated) | Boolean |
|
|
| Defines if the OTP authentication method is actived for the user or not. This parameter is deprecated. OTP related REST services will be provided by OTP Server. |
create | Boolean |
|
|
| Allow create |
disable | Boolean |
|
|
| Disable User |
enable | Boolean |
|
|
| Enable User |
roles.remove | Boolean |
|
|
| Remove roles |
mandates.remove | Boolean |
|
|
| Remove Mandates |
"custom attribute" | String | X |
|
| User's custom attribute and a value (multiple values are separated with comma). These attributes must have been defined in eidm2.properties (data.user.fields, ui.selfservice.userinfo.fields.order, ui.admin.userinfo.fields.order or ui.admin.approvalinfo.fields.order) For example, age=45 |
Curl Example
curl --insecure -X PUT -u restuser:secret "https://localhost:7443/eidm2/services/user/6666666-6/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/?mobile=%2B358401234567891"
Response Document
<idlist> <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id> </idlist>
MOD005 Assign Role
Description
Assign a role for the user.
Target Type
Collection
Request URL
Request URL defines the role to be assigned for a user.
Examples
- https://HOSTNAME/eidm2/services/assignments/ORGANIZATION/ROLE
- https://HOSTNAME/eidm2/services/assignments/ORGANIZATION/SUBORG/ROLE
- https://HOSTNAME/eidm2/services/assignments/VIRTUALORG/ROLE
Request Method
POST
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
user | Entity Name |
| X |
| User who the role is assigned for. |
Curl Example
curl --insecure -X POST -u restuser:secret "https://localhost:7443/eidm2/services/assignments/6666666-6/TestRole/?user=6666666-6/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
Response Document
<idlist/>
MOD006 Deassign Role
Description
Deassign a role from the user.
Target Type
Collection
Request URL
Request URL defines the role to be deassign from a user.
Examples
- https://HOSTNAME/eidm2/services/assignments/ORGANIZATION/ROLE
- https://HOSTNAME/eidm2/services/assignments/ORGANIZATION/SUBORG/ROLE
- https://HOSTNAME/eidm2/services/assignments/VIRTUALORG/ROLE
Request Method
DELETE
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
user | Entity Name |
| X |
| User who the role is deassign from. |
Curl Example
curl --insecure -X DELETE -u restuser:secret "https://localhost:7443/eidm2/services/assignments/6666666-6/TestRole/?user=6666666-6/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
Response Document
<idlist/>
MOD007 Create Role
Description
Create a role.
Target Type
Entity
Request URL
Request URL defines the role to be created.
Examples
- https://HOSTNAME/eidm2/services/role/ORGANIZATION/ROLE
- https://HOSTNAME/eidm2/services/role/ORGANIZATION/SUBORG/ROLE
- https://HOSTNAME/eidm2/services/role/VIRTUALORG/SUBVORG/ROLE
Request Method
PUT
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
memberOf | String |
|
|
| The created role will be member of this role |
Curl Example
curl --insecure -X PUT -u restuser:secret "https://localhost:7443/eidm2/services/role/6666666-6/TestRole"
Response Document
<idlist> <Id>https://HOSTNAME/eidm2/services/role/testorg/testrole</Id> </idlist>
MOD008 Remove Role
Description
Remove a role from an organization or a virtual organization.
Target Type
Entity
Request URL
Request URL defines the role to be removed.
Examples
- https://HOSTNAME/eidm2/services/role/ORGANIZATION/ROLE
- https://HOSTNAME/eidm2/services/role/ORGANIZATION/SUBORG/ROLE
- https://HOSTNAME/eidm2/services/role/VIRTUALORG/SUBVORG/ROLE
Request Method
DELETE
Request URL Parameters
No request specific request URL parameters.
Curl Example
curl --insecure -X DELETE -u restuser:secret "https://localhost:7443/eidm2/services/role/6666666-6/TestRole"
Response Document
<idlist> <Id>https://HOSTNAME/eidm2/services/role/testorg/testrole</Id> </idlist>
MOD009 Create User
Description
Create a new user. Creates a random unique identifier for the user.
NOTE: Be careful to store users only in normal organizations - not virtual, because the system does not currently validate automatically whether the organization is virtual and this will create an inconsistency situation that must be resolved with direct database operations.
Target Type
Entity
Request URL
Request URL defines the organization under which the user will be created.
Examples
- https://HOSTNAME/eidm2/services/users/ORGANIZATION/
- https://HOSTNAME/eidm2/services/users/ORGANIZATION/SUBORG/
Request Method
POST
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
uid | String |
| X (depending on configuration) |
| User login name. |
String |
| X |
| User email address. | |
firstname | String |
| X |
| First name of the user. |
surname | String |
| X |
| Surname of the user. |
mobile | String |
|
|
| Mobile phone number. |
hetu | String |
|
|
| Social Security Number (henkilötunnus) |
pwd | String |
|
|
| Initialize the default password authentication method for the user with the specified password. If missing, the password method is not initialized for the user. |
pwd.activated | Boolean |
|
|
| Defines if the password authentication method is actived for the user or not. |
sms.activated (Deprecated) | Boolean |
|
| false | Defines if the SMS OTP authentication method is actived for the user or not. This parameter is deprecated. SMS OTP related REST services will be provided by OTP Server. |
otp.activated (Deprecated) | Boolean |
|
| false | Defines if the OTP authentication method is actived for the user or not. This parameter is deprecated. OTP related REST services will be provided by OTP Server. |
locale | String |
|
|
| Locale definition. It is used when selecting the right language for email notifications. |
"custom attribute" | String | X |
|
| User's custom attribute and a value (multiple values are separated with comma). These attributes must have been defined in eidm2.properties (data.user.fields, ui.selfservice.userinfo.fields.order, ui.admin.userinfo.fields.order or ui.admin.approvalinfo.fields.order) For example, age=45 |
Curl Example
curl --insecure -X POST -u restuser:secret "https://localhost:7443/eidm2/services/users/6666666-6?uid=leena&firstname=Leena&surname=Laine&email=leena.laine@example.com&pwd=Password1"
Response Document
<idlist> <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id> </idlist>
MOD010b Delete User
Description
Deletes the specified user.
Target Type
Entity
Request URL
Request URL defines the user to be deleted.
Examples
- https://HOSTNAME/eidm2/services/user/ORGANIZATION/user1
- https://HOSTNAME/eidm2/services/user/ORGANIZATION/SUBORG/user2
Request Method
DELETE
Request URL Parameters
No request specific request URL parameters.
Curl Example
curl --insecure -X DELETE -u restuser:secret "https://localhost:7443/eidm2/services/user/6666666-6/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
Response Document
<idlist> <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id> </idlist>
MOD011 Initialization
Description
Initialize repository and/or database. Repository initialization creates required sites and authorization policies in LDAP. Database initialization removes and recreates existing database tables.
Initialization should be called only when first installing the system.
Target Type
Entity
Request URL
Request URL is static: https://HOSTNAME/eidm2/services/init/
Example
- https://HOSTNAME/eidm2/services/init/
Request Method
POST
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
resetRepository | Boolean |
|
| false | Removes all organizations, users, and roles from the repository. |
initializeDatabase | Boolean |
|
| false | Creates the missing mandatory repository structures and roles. Also, updates the repository to reflect the changed configuration. |
synchronizeData | Boolean |
|
| false | Try to create those items into SQL database that are missing from it but present in LDAP. |
initializeOrganizations | Boolean |
|
| false | Create roles to organizations based on organization type definitions. Only creates the missing roles but does not remove anything. |
clearUniqueFields | Boolean |
|
| false | Clears unique field data from validators. |
updateSamlApMetadata | Boolean |
|
| false | Write SAML AP metadata generated based on the identity file to SSO authentication method configuration. |
refreshRoleHierarchyRules | Boolean |
|
| false | Updates roles' memberships with other roles to comply with the current Role Hierarchy Rules. Should be run if Role Hierarchy Rules are changed. |
Curl Example
curl --insecure -X POST -u restuser:secret "https://localhost:7443/eidm2/services/init/?resetRepository=true&initializeDatabase=true"
Response Document
<idlist/>
MOD013 Update Users
Description
Update all users in given organization.
Target Type
Entity
Request URL
Request URL defines the user to be updated.
Examples
- https://HOSTNAME/eidm2/services/users/ORGANIZATION
- https://HOSTNAME/eidm2/services/users/ORGANIZATION/SUBORG
Request Method
PUT
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
disableUsers | Boolean |
|
|
| Disables all users in organization. |
enableUsers | Boolean |
|
|
| Enables all users in organization. |
deleteUsers | Boolean |
|
|
| Removes all users in organization. |
removeRoles | Boolean |
|
|
| Removes all roles and mandate delegations from all users in organization. |
removeMandates | Boolean |
|
|
| Removes mandates these users have assigned to other users, mandate delegations received and direct mandate receivals. |
Curl Example
curl --insecure -X PUT -u restuser:secret "https://localhost:7443/eidm2/services/users/6666666-6/?disableUsers=true"
Response Document
<idlist> <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id> <Id>https://HOSTNAME/eidm2/services/user/example1/user2</Id> <Id>https://HOSTNAME/eidm2/services/user/example1/user3</Id> </idlist>
Request Operations
REQ001b List Users
Description
List users in the organization.
Target Type
Collection
Request URL
Request URL defines the organization which users are to be listed. Organization names are handled case insensitively.
Examples
- https://HOSTNAME/eidm2/services/users/
- https://HOSTNAME/eidm2/services/users/ORGANIZATION/
- https://HOSTNAME/eidm2/services/users/ORGANIZATION/
- https://HOSTNAME/eidm2/services/users/ORGANIZATION/SUBORG/
Request Method
GET
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
entities | Boolean |
|
| false | Return list of entities instead of id list. |
recursive | Boolean |
|
| false | Include users from the suborganizations. |
String |
|
|
| Include only users with matching email address. Wildcard '*' is allowed. | |
mobile | String |
|
|
| Include only users with matching mobile phone number. Wildcard '*' is allowed. |
maxResults | Integer |
|
| No Limit | Limit the maximum number of results. Exceeding the limit results in request error with error code 12. A value of zero means no limit. |
assignments | Boolean |
|
| false | Include role assignments. Effective only if entities is true. |
authInfo | Boolean |
|
| false | Include authentication credentials. Used for backup or provisioning. Effective only if entities is true. |
Curl Example
curl --insecure -X GET -u restuser:secret "https://localhost:7443/eidm2/services/users/?recursive=true"
Response Document
List of Identifiers
<idlist> <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id> <Id>https://HOSTNAME/eidm2/services/user/example1/user2</Id> <Id>https://HOSTNAME/eidm2/services/user/example1/dep1/user3</Id> </idlist>
List of Entities
<entitylist> <user>...</user> <user>...</user> <user>...</user> </entitylist>
REQ002b Query User
Description
Query information about the specified user.
Target Type
Entity
Request URL
Request URL defines the queried user. Supported queries are:
- query user with unique id
- query user with ssn
- query user with login
- query user with email
The query is only based on one key-value pair and the priority is as follows: unique id, ssn, login, email, url.
For example, the following query would only query users with SSN.
- https://HOSTNAME/eidm2/services/user/?ssn=010100-123&email=user@test.com
If none is defined, defaults to Request URL defines the queried user. Organization and user entity names are handled case sensitively.
Examples
- https://HOSTNAME/eidm2/services/user/?uniqueId=kwn06cvp-1123-dd29-0e1s-b4ia666f9l3j
- https://HOSTNAME/eidm2/services/user/?ssn=010100-123D
- https://HOSTNAME/eidm2/services/user/?login=user1
- https://HOSTNAME/eidm2/services/user/?email=user@test.com
- https://HOSTNAME/eidm2/services/user/ORGANIZATION/USERRELATIVENAME
- https://HOSTNAME/eidm2/services/user/ORGANIZATION/SUBORG/USERRELATIVENAME
- https://HOSTNAME/eidm2/services/user/USER_ENTITY_NAME
Request Method
GET
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
assignments | Boolean |
|
| true | Retrieve role assignments. |
groups | Boolean |
|
| true | Retrieve group assignments. |
authInfo | Boolean |
|
| false | Include authentication credentials. Used for backup or provisioning. |
Curl Example
curl --insecure -X GET -u restuser:secret "https://localhost:7443/eidm2/services/user/6666666-6/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
Response Document
<user> <Id>https://HOSTNAME/eidm2/services/user/example1/user1</Id> <organization>https://HOSTNAME/eidm2/services/org/example1</organization> <organizationFriendlyName>Example Inc.</organizationFriendlyName> <status>Enabled</status> <attributes> <uid>john.doe</uid> <firstname>John</firstname> <surname>Doe</surname> <email>john.doe@example.com</email> <mobile>555-1234</mobile> <hetu>123456-7890</hetu> <cn>John Doe</cn> <organization>example1</organization> <customattribute name="custom1"> <value>Value</Value> <value>Value2</Value> </customattribute> </attributes> <roleassignments> <roleassignment> <role> <Id>https://HOSTNAME/eidm2/services/role/example1/testrole</Id> </Role> </roleassignment> </roleassignments> <groupassignments> <groupassignment> <group> <Id>eIDMUser</Id> </group> </groupassignment> </groupassignments> </user>
Supported values
- Status: See Data model - CustomerID for a list of user statuses.
- Attributes: Includes user's all attributes (including custom attributes). Number of fields may vary between configurations and users.
REQ003b List Organizations
Description
List organizations.
Target Type
Collection
Request URL
Request URL defines the organization in which the organizations to be listed are. Organization names are handled case insensitively.
Examples
- https://HOSTNAME/eidm2/services/orgs/
- https://HOSTNAME/eidm2/services/orgs/ORGANIZATION/
- https://HOSTNAME/eidm2/services/orgs/ORGANIZATION/SUBORG/
- https://HOSTNAME/eidm2/services/orgs/VORG/
Request Method
GET
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
entities | Boolean |
|
| false | Return list of entities instead of id list. |
recursive | Boolean |
|
| false | Include organizations from the suborganizations. |
internal | Boolean |
|
| false | Include CustomerID internal organizations. |
roles | Boolean |
|
| false | List roles available in the organization. |
assignments | Boolean |
|
| false | Discover users in roles. Effective only if roles is true. |
assignmentEntities | Boolean |
|
| false | Return user-elements instead of userid-list. Effective only if assignments is true. |
applicationCount | Boolean |
|
| false | Show pending user application count for organizations (and possibly it's suborganizations). Effective only if entities is true. |
recursiveApplicationCount | Boolean |
|
| false | Whether to include applications in suborganizations to the count (see applicationCount above). Effective only if applicationCount is true. |
friendlyName | String |
|
|
| Include only organizations with friendly name matching the specified filter. Wildcard '*' is allowed in filter string. |
organizationClass | String from Configured Set |
|
|
| Include only organizations of the specified organization class. Wildcards are not allowed. |
maxResults | Integer |
|
| No Limit | Limit the maximum number of results. Exceeding the limit results in request error with error code 12. A value of zero means no limit. |
exportMode | Boolean |
|
| false | Include all information required for backups and provisioning. Effective only if entities is true. |
Curl Example
curl --insecure -X GET -u restuser:secret "https://localhost:7443/eidm2/services/orgs/?entities=true"
Response Document
List of Identifiers
<idlist> <Id>https://HOSTNAME/eidm2/services/org/example1</Id> <Id>https://HOSTNAME/eidm2/services/org/example1/dep1</Id> <Id>https://HOSTNAME/eidm2/services/org/example1/dep2</Id> </idlist>
List of Entities
<entitylist> <organization>...</organization> <organization>...</organization> <organization>...</organization> </entitylist>
REQ004b Query Organization
Description
Query information about the specified organization. Organization names are handled case sensitively.
Target Type
Entity
Request URL
Request URL defines the queried organization.
Examples
- https://HOSTNAME/eidm2/services/org/ORGANIZATION
- https://HOSTNAME/eidm2/services/org/ORGANIZATION/SUBORG
- https://HOSTNAME/eidm2/services/org/VIRTUALORG/SUBVORG
Request Method
GET
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
---|---|---|---|---|---|
roles | Boolean |
|
| false | Resolve roles available in the organization. |
assignments | Boolean |
|
| false | Discover users in roles. Effective only if roles is true. |
assignmentEntities | Boolean |
|
| false | Return user-elements instead of userid-list. Effective only if assignments is true. |
applicationCount | Boolean |
|
| false | Return pending user application count for organization (and possibly it's suborganizations) |
recursiveApplicationCount | Boolean |
|
| false | Whether to include applications in suborganizations to the count (see applicationCount above) |
pendingOrganizations | Boolean |
|
| false | Returns data of new suborganizations (count, oldest, newest, url for processing) under the current organization, i.e. organizations where no user has yet been approved. |
exportMode | Boolean |
|
| false | Include all information required for backups and provisioning. |
Curl Example
curl --insecure -X GET -u restuser:secret "https://localhost:7443/eidm2/services/org/6666666-6/"
Response Document
Non-virtual Organization
<organization> <Id>https://HOSTNAME/eidm2/services/org/example1</Id> <virtual>false</virtual> <friendlyName>Example Inc.</friendlyName> <organizationType>type1</organizationType> <customattribute name="custom1"> <value>Value</Value> <value>Value2</Value> </customattribute> <roles> <role> <Id>https://HOSTNAME/eidm2/services/org/example1/OrganizationMainUser</Id> </Role> </Roles> <applicationCount>0</applicationCount> <pendingOrganizations> <count>2</count> <newest>11.11.2011</newest> <oldest>10.10.2010</oldest> <url>https://<hostname>/eidm2/wf/admin/organization/approval/example1</url> </pendingOrganizations> </organization>
Virtual Organization
<organization> <Id>https://HOSTNAME/eidm2/services/org/virtual1</Id> <virtual>true</virtual> <friendlyName>Example Project</friendlyName> <customattribute name="custom1"> <value>Value</Value> <value>Value2</Value> </customattribute> <roles> <role> <Id>https://HOSTNAME/eidm2/services/role/virtual1/OrganizationMainUser</Id> </Role> <role> <Id>https://HOSTNAME/eidm2/services/role/virtual1/OrganizationUser</Id> </Role> </Roles> </organization>
Supported values
- Organization: Includes user's all attributes (including custom attributes). Number of fields may vary between configurations and users.
REQ005b Query Role
Description
Query information about the specified role. Organization and role names are handled case sensitively.
Target Type
Entity
Request URL
Request URL defines the queried role.
Examples
- https://HOSTNAME/eidm2/services/role/ORGANIZATION/ROLE
- https://HOSTNAME/eidm2/services/role/ORGANIZATION/SUBORG/ROLE
- https://HOSTNAME/eidm2/services/role/VIRTUALORG/SUBVORG/ROLE
Request Method
GET
Request URL Parameters
Name | Accepted Values | Multivalued | Mandatory | Default | Description |
assignments | Boolean |
|
| false | Discover users in the role. Also hierarchical role membership counts, so user A that is a member of role A that is a member of role B is returned when querying the role B. |
assignmentEntities | Boolean |
|
| false | Return user-elements instead of userid-list. Effective only if assignments is true. |
Curl Example
curl --insecure -X GET -u restuser:secret "https://localhost:7443/eidm2/services/role/6666666-6/TestRole/?assignments=true"
Response Document
<role> <Id>https://HOSTNAME/eidm2/services/role/example1/testrole</Id> <roleassignments> <roleassignment> <userid>https://HOSTNAME/eidm2/services/user/example1/user1</userid> </roleassignment> <roleassignment> <userid>https://HOSTNAME/eidm2/services/user/example1/user2</userid> </roleassignment> </roleassignments> </Role>