RESTful API – identity Creation in Realm Issue

This topic has 10 replies, 5 voices, and was last updated 6 years, 6 months ago by Peter Major.

  • #3666
     notoanonimo
    Participant

    Hello everyone,
    we're trying to create LDAP users using the OpenAM RESTful API. We've got two different realms, referring to two different "ou".

    Even if we specify the realm where the user is intended to be created, the user is always created on TOP REALM (“/”).

    Is there anything wrong in the API invocation?

    REQUEST:
    POST http://forgerock:8080/openam/json/users/?_action=create HTTP/1.1
    iplanetDirectoryPro: …
    CONTENT-TYPE: application/json

    {
      "username": "testT9",
      "userpassword": "testtest",
      "mail": "[email protected]",
      "givenname": "Francesco",
      "realm": "NOT_TOP_REALM"
    }

    ANSWER:
    HTTP/1.1 200 OK

    {"username":"testT9","realm":"/","uid":["testT9"],"mail":["[email protected]"],"sn":["testT9"],"userPassword":["{SSHA}bUP9WfJXEFwV5Qgl9JmedYzfCPIQz8lr00tQeA=="],"cn":["testT9"],"inetUserStatus":["Active"],"dn":["uid=testT9,ou=people,dc=example,dc=com"],"objectClass":["devicePrintProfilesContainer","person","sunIdentityServerLibertyPPService","inetorgperson","sunFederationManagerDataStore","iPlanetPreferences","iplanet-am-auth-configuration-service","organizationalperson","sunFMSAML2NameIdentifier","inetuser","forgerock-am-dashboard-service","iplanet-am-managed-person","iplanet-am-user-service","sunAMAuthAccountLockout","top"],"universalid":["id=testT9,ou=user,dc=example,dc=com"]}

    #3667
     Victor Ake
    Participant

    Hi,
    Were your realms configured to use DataStores that point to different ou in the LDAP server?

    #3668
     notoanonimo
    Participant

    Yes, they are. TOP REALM (/) is associated with G1_DataStore (ou=G1). NOT TOP REALM is associated with G2_DataStore (ou=G2).

    We need to create users in ou=G2 (NOT TOP REALM), but the API keeps creating them in ou=G1 (TOP REALM).

    • This reply was modified 7 years, 4 months ago by notoanonimo.
    #3675
     Peter Major
    Moderator

    Quite misleadingly the realm attribute value provided in the POST/PUT payload for the /json/users endpoint isn’t used for anything, hence it will not be used to determine where the user will be created.
    If you want to create an identity in the subrealm, then you should include the realm in the URI for the resource:

    /json/NOT_TOP_REALM/users/?_action=create
    
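    Peter's advice as a small script (an added example, not code from this thread or from OpenAM): the realm goes into the URI path, and placement is then verified from the returned dn rather than from the response's "realm" field. It assumes the /json/{realm}/users/?_action=create endpoint and iplanetDirectoryPro header used above; the sample responses and the ou=G1/ou=G2 DNs are constructed from the poster's datastore names.

```python
# Added example (not from the thread or the OpenAM project): build the create
# request with the realm in the URI path, then verify where the identity landed.
# Assumed: the /json/{realm}/users/?_action=create endpoint and the
# iplanetDirectoryPro header as used in this thread; the sample responses below
# are constructed, with DNs under ou=G1 / ou=G2 as in the poster's datastores.
import json
import urllib.request


def identity_create_url(base_url: str, realm: str) -> str:
    """Realm goes in the path; a "realm" key in the JSON body is ignored."""
    realm = realm.strip("/")
    path = f"/json/{realm}/users/" if realm else "/json/users/"
    return base_url.rstrip("/") + path + "?_action=create"


def build_create_request(base_url, realm, sso_token, username, password, mail):
    """POST request ready for urllib.request.urlopen(); not sent here."""
    body = json.dumps({"username": username, "userpassword": password,
                       "mail": mail}).encode()
    req = urllib.request.Request(identity_create_url(base_url, realm),
                                 data=body, method="POST")
    req.add_header("Content-Type", "application/json")
    req.add_header("iplanetDirectoryPro", sso_token)  # admin session token
    return req


def created_under(response_json: dict, expected_base_dn: str) -> bool:
    """Check placement from the returned dn, not the unreliable "realm" field.
    RDNs are compared case-insensitively; escaped commas are not handled."""
    dn = (response_json.get("dn") or [None])[0]
    if not dn:
        return False
    rdns = [p.strip().lower() for p in dn.split(",")]
    want = [p.strip().lower() for p in expected_base_dn.split(",")]
    return len(rdns) > len(want) and rdns[-len(want):] == want


# Constructed responses: the first mirrors the thread (realm "/" reported, user
# in the top-realm datastore); the second is what the subrealm URI should give.
WRONG_PLACE = {"username": "testT9", "realm": "/",
               "dn": ["uid=testT9,ou=G1,dc=example,dc=com"]}
RIGHT_PLACE = {"username": "testT9", "realm": "/",
               "dn": ["uid=testT9,ou=G2,dc=example,dc=com"]}

if __name__ == "__main__":
    req = build_create_request("http://forgerock:8080/openam", "NOT_TOP_REALM",
                               "<sso-token>", "testT9", "testtest", "t9@example.com")
    print(req.full_url)
    print(created_under(WRONG_PLACE, "ou=G2,dc=example,dc=com"),
          created_under(RIGHT_PLACE, "ou=G2,dc=example,dc=com"))
```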
    #3676
     Dhawal
    Participant

    Hi,
    As I know, in your POST statement you should be specifying the realm name as below:

    POST http://forgerock:8080/openam/json/REALM NAME/users/?_action=create HTTP/1.1

    I have already tested the above and it works as follows:
    "Content-Type: application/json" --data '{ "username": "dsingh", "userpassword": "secret12", "mail": "[email protected]" }' http://servername:port/OpenAM/json/<REALM NAME>/users/?_action=create

    • This reply was modified 7 years, 4 months ago by Dhawal.
    #3678
     Victor Ake
    Participant

    I was about to post my findings.
    Peter I guess that should be considered an issue, minor but an issue. Unless it is documented.

    #3679
     Peter Major
    Moderator

    @Victor, the realm shouldn’t be part of the identity response in the first place, that is the bug, hopefully that will be resolved when IdentityResource gets rewritten.

    #3682
     notoanonimo
    Participant

    It seems to work when specifying the realm in the URL. I'll keep on testing and let you know if there are any other issues.

    Thanks a lot. :)

    #7218
     tvsnath
    Participant

    Hi
    I tried with OpenAM 10.1.0 express edition:

    "Content-Type: application/json" --data '{ "username": "dsingh", "userpassword": "secret12", "mail": "[email protected]" }' http://servername:port/OpenAM/json/<REALM NAME>/users/?_action=create

    getting the 404 error like

    Resource '/<REALM NAME>/users/' not found

    any suggestion ?

    -thanks
    Venkata

    #7232
     Peter Major
    Moderator

    Don’t use 10.1.0-Xpress as it’s EOSL for a long while now. Time to upgrade to 13.0.0.
