saml 2.0 - How to add IDPs to OpenAM federation via CREST API? -


i know there rest apis openam functions self service, authentication etc.., i'm not able find right apis adding remote identity provider etc..,

either i'm missing or there no such rest apis openam due reason. reason not planning on it, or it's not yet there in current release.

is there way can register saml idps in openam without using openam admin console or ssoadm command?

pointers right code components appreciated.

in access manager 5 (openam 14) can manage saml entities using rest apis. create new hosted samlv2 idp need this:

curl -x post \   'http://idp.example.com:8080/openam/json/realm-config/federation/entityproviders/saml2?_action=create' \   -h 'content-type: application/json' \   -h 'iplanetdirectorypro: <admin_session_id>' \   -d '{       "_id": "http://idp.example.com:8080/openam",       "metadata": "<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?>\n<entitydescriptor entityid=\"http://idp.example.com:8080/openam\" xmlns=\"urn:oasis:names:tc:saml:2.0:metadata\">\n    <idpssodescriptor wantauthnrequestssigned=\"false\" protocolsupportenumeration=\"urn:oasis:names:tc:saml:2.0:protocol\">\n        <keydescriptor use=\"signing\">\n            <ds:keyinfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n                <ds:x509data>\n                    <ds:x509certificate>miidadccalcgawibagidcb/yma0gcsqgsib3dqebcwuamguxczajbgnvbaytalvlmrawdgydvqqiewdccmlzdg9smrawdgydvqqhewdccmlzdg9smriweaydvqqkewlgb3jnzvjvy2sxdzanbgnvbastbk9wzw5bttenmasga1ueaxmedgvzddaefw0xnjazmtgxmtu2mjhafw0ynjazmtyxmtu2mjhamguxczajbgnvbaytalvlmrawdgydvqqiewdccmlzdg9smrawdgydvqqhewdccmlzdg9smriweaydvqqkewlgb3jnzvjvy2sxdzanbgnvbastbk9wzw5bttenmasga1ueaxmedgvzddccasiwdqyjkozihvcnaqebbqadggepadccaqocggebaknbl89ep6b8kzatnspe3+oz3eslx31hjx+dakhtpwxcaackqjfwjwkdxyrupdsvg+8dbk3pghk26ajrse93epxeqmqqxnpmed+n0/8pjkuvywwpiq/ts2itiwovn7wzle4asfvupqor5pjuymwno/pd4l7qnjuckoat9h11hmyip+6roo/eygx4ah7oahfumncysopwhkw/ze9z8wtxc8baegdmt8zfcez1ctqjb/mlsbugdgk8ohydshkmx05babaobq8lrgp5sulsbrtu34elfootbin0fvuzsnwtispbahhrgwrmovm07oslwbuo3h/bj38zbuuqqvsak8yuyoecaweaaamhmb8whqydvr0obbyefhxfabr6pq5xgc+jvx+agtpnnpwzma0gcsqgsib3dqebcwuaa4ibaqazbmj29/2idv1ztc6arhtb4kw/nhhwthxfwtwan7srpb8tlw7fd8aj43rqr5107bg1lgkmt+fzxpafquc/mukjizgzbw0comsotcwugss+hxk6m6fl9aozkjmct1uosppfgjitcgqydgzxr2fh93vxwoaotuwtz119iixidxpojwyjg0hfn+gefpu1pmilfq2/uwqj0hgcnfncm9puagzhqrcdfonolxjnypsfsku5wxlgo99ye5ejwohxxu7csazvttmx7spj1luenogxum6jmqzsyeim1xcocl8rzjkz781w5cwzhujtnzv31sbres8faaceksu7y48bmkuqw6e9</ds:x509certificate>\n                </ds:x509data>\n            </ds:keyinfo>\n        </keydescriptor>\n        <artifactresolutionservice index=\"0\" isdefault=\"true\" binding=\"urn:oasis:names:tc:saml:2.0:bindings:soap\" location=\"http://idp.example.com:8080/openam/artifactresolver/metaalias/idp\"/>\n        <singlelogoutservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:http-redirect\" location=\"http://idp.example.com:8080/openam/idpsloredirect/metaalias/idp\" responselocation=\"http://idp.example.com:8080/openam/idpsloredirect/metaalias/idp\"/>\n        <singlelogoutservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:http-post\" location=\"http://idp.example.com:8080/openam/idpslopost/metaalias/idp\" responselocation=\"http://idp.example.com:8080/openam/idpslopost/metaalias/idp\"/>\n        <singlelogoutservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:soap\" location=\"http://idp.example.com:8080/openam/idpslosoap/metaalias/idp\"/>\n        <managenameidservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:http-redirect\" location=\"http://idp.example.com:8080/openam/idpmniredirect/metaalias/idp\" responselocation=\"http://idp.example.com:8080/openam/idpmniredirect/metaalias/idp\"/>\n        <managenameidservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:http-post\" location=\"http://idp.example.com:8080/openam/idpmnipost/metaalias/idp\" responselocation=\"http://idp.example.com:8080/openam/idpmnipost/metaalias/idp\"/>\n        <managenameidservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:soap\" location=\"http://idp.example.com:8080/openam/idpmnisoap/metaalias/idp\"/>\n        <nameidformat>urn:oasis:names:tc:saml:2.0:nameid-format:persistent</nameidformat>\n        <nameidformat>urn:oasis:names:tc:saml:2.0:nameid-format:transient</nameidformat>\n        <nameidformat>urn:oasis:names:tc:saml:1.1:nameid-format:emailaddress</nameidformat>\n        <nameidformat>urn:oasis:names:tc:saml:1.1:nameid-format:unspecified</nameidformat>\n        <nameidformat>urn:oasis:names:tc:saml:1.1:nameid-format:windowsdomainqualifiedname</nameidformat>\n        <nameidformat>urn:oasis:names:tc:saml:2.0:nameid-format:kerberos</nameidformat>\n        <nameidformat>urn:oasis:names:tc:saml:1.1:nameid-format:x509subjectname</nameidformat>\n        <singlesignonservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:http-redirect\" location=\"http://idp.example.com:8080/openam/ssoredirect/metaalias/idp\"/>\n        <singlesignonservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:http-post\" location=\"http://idp.example.com:8080/openam/ssopost/metaalias/idp\"/>\n        <singlesignonservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:soap\" location=\"http://idp.example.com:8080/openam/ssosoap/metaalias/idp\"/>\n        <nameidmappingservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:soap\" location=\"http://idp.example.com:8080/openam/nimsoap/metaalias/idp\"/>\n        <assertionidrequestservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:soap\" location=\"http://idp.example.com:8080/openam/aidreqsoap/idprole/metaalias/idp\"/>\n        <assertionidrequestservice binding=\"urn:oasis:names:tc:saml:2.0:bindings:uri\" location=\"http://idp.example.com:8080/openam/aidrequri/idprole/metaalias/idp\"/>\n    </idpssodescriptor>\n</entitydescriptor>\n\n",       "entityconfig": "<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\"?>\n<entityconfig entityid=\"http://idp.example.com:8080/openam\" hosted=\"true\" xmlns=\"urn:sun:fm:saml:2.0:entityconfig\">\n    <idpssoconfig metaalias=\"/idp\">\n        <attribute name=\"description\">\n            <value/>\n        </attribute>\n        <attribute name=\"signingcertalias\">\n            <value>test</value>\n        </attribute>\n        <attribute name=\"encryptioncertalias\">\n            <value/>\n        </attribute>\n        <attribute name=\"basicauthon\">\n            <value>false</value>\n        </attribute>\n        <attribute name=\"basicauthuser\">\n            <value/>\n        </attribute>\n        <attribute name=\"basicauthpassword\">\n            <value/>\n        </attribute>\n        <attribute name=\"autofedenabled\">\n            <value>false</value>\n        </attribute>\n        <attribute name=\"autofedattribute\">\n            <value/>\n        </attribute>\n        <attribute name=\"assertioneffectivetime\">\n            <value>600</value>\n        </attribute>\n        <attribute name=\"idpauthncontextmapper\">\n            <value>com.sun.identity.saml2.plugins.defaultidpauthncontextmapper</value>\n        </attribute>\n        <attribute name=\"idpauthncontextclassrefmapping\">\n            <value>urn:oasis:names:tc:saml:2.0:ac:classes:passwordprotectedtransport|0||default</value>\n        </attribute>\n        <attribute name=\"idpaccountmapper\">\n            <value>com.sun.identity.saml2.plugins.defaultidpaccountmapper</value>\n        </attribute>\n        <attribute name=\"idpdisablenameidpersistence\">\n            <value>false</value>\n        </attribute>\n        <attribute name=\"idpattributemapper\">\n            <value>com.sun.identity.saml2.plugins.defaultidpattributemapper</value>\n        </attribute>\n        <attribute name=\"assertionidrequestmapper\">\n            <value>com.sun.identity.saml2.plugins.defaultassertionidrequestmapper</value>\n        </attribute>\n        <attribute name=\"nameidformatmap\">\n            <value>urn:oasis:names:tc:saml:1.1:nameid-format:emailaddress=mail</value>\n            <value>urn:oasis:names:tc:saml:1.1:nameid-format:x509subjectname=</value>\n            <value>urn:oasis:names:tc:saml:1.1:nameid-format:windowsdomainqualifiedname=</value>\n            <value>urn:oasis:names:tc:saml:2.0:nameid-format:kerberos=</value>\n            <value>urn:oasis:names:tc:saml:1.1:nameid-format:unspecified=</value>\n        </attribute>\n        <attribute name=\"idpecpsessionmapper\">\n            <value>com.sun.identity.saml2.plugins.defaultidpecpsessionmapper</value>\n        </attribute>\n        <attribute name=\"attributemap\"/>\n        <attribute name=\"wantnameidencrypted\">\n            <value/>\n        </attribute>\n        <attribute name=\"wantartifactresolvesigned\">\n            <value/>\n        </attribute>\n        <attribute name=\"wantlogoutrequestsigned\">\n            <value/>\n        </attribute>\n        <attribute name=\"wantlogoutresponsesigned\">\n            <value/>\n        </attribute>\n        <attribute name=\"wantmnirequestsigned\">\n            <value/>\n        </attribute>\n        <attribute name=\"wantmniresponsesigned\">\n            <value/>\n        </attribute>\n        <attribute name=\"cotlist\">\n            <value>test</value>\n        </attribute>\n        <attribute name=\"discoverybootstrappingenabled\">\n            <value>false</value>\n        </attribute>\n        <attribute name=\"assertioncacheenabled\">\n            <value>false</value>\n        </attribute>\n        <attribute name=\"assertionnotbeforetimeskew\">\n            <value>600</value>\n        </attribute>\n        <attribute name=\"saeappsecretlist\"/>\n        <attribute name=\"saeidpurl\">\n            <value>http://idp.example.com:8080/openam/idpsaehandler/metaalias/idp</value>\n        </attribute>\n        <attribute name=\"authurl\">\n            <value/>\n        </attribute>\n        <attribute name=\"applogouturl\">\n            <value/>\n        </attribute>\n        <attribute name=\"idpsessionsyncenabled\">\n            <value>false</value>\n        </attribute>\n        <attribute name=\"relaystateurllist\"/>\n    </idpssoconfig>\n</entityconfig>\n\n",       "_type": {         "_id": "saml2",         "name": "entity descriptor ",         "collection": true       }     }'

Comments

Post a Comment

Popular posts from this blog

javascript - Clear button on addentry page doesn't work -

this addentry blog page have made scratch , there underlying problems code particularly clear button supposed clear text entered when button clicked on doesn't work have saved html file problem. also 1 other problem submit button works doesn't pass of text index file have written php , reason whenever click on submit button redirects me index page without posting entry have made. <!doctype html> <html> <head> <script> function message() { alert("clear form?"); } </script> <style> body {background-color: beige;} h1 {color: black;} p {color: black;} textarea { width: 50%; height: 150px; padding: 12px 20px; box-sizing: border-box; border: 2px solid #ccc; border-radius: 4px; background-color: white; font-size: 16px; resize: none; } div { padding-left: 20px; } </style> </head> <meta charset="utf-8"> <link rel="stylesheet" href=".
Read more

c# - Selenium Authentication Popup preventing driver close or quit -

i have selenium automated task setup login website retrieve information. it's basic in automation. logging in , clicking 2 links. running issue proving problem. the site in question uses authentication required popup not javascript popup rather regular windows auth popup. have read isn't handled out of box selenium. i using " http://username:password@url.com " site every , site has issues on end prompt me again username/password randomly. have enter username/password twice in row when navigating there hand. since task loops continuously few hours picking needed info figured use webdriverwait verify element present on page. if authentication popup appears, element isn't present. no need care run, start over. the problem having when authentication popup displayed , hit timeout limit want close driver/browser window can start task on again. however, driver.close() , driver.quit() not doing anything. browser remains open , unloaded page still there login p
Read more

tensorflow when input_data MNIST_data , zlib.error: Error -3 while decompressing: invalid block type -

i'm geting started tensorflow,followed tutorials,but cannot download mnist data. import tensorflow tf tensorflow.examples.tutorials.mnist import input_data mnist=input_data.read_data_sets("mnist_data/",one_hot=true) print("download done!") error information: extracting mnist_data/train-images-idx3-ubyte.gz traceback (most recent call last): file "/home/sj/program/tesorflow_try.py", line 6, in <module> mnist=input_data.read_data_sets("mnist_data/",one_hot=true) file "/usr/local/lib/python2.7/dist-packages/tensorflow/contrib/learn/python/learn/datasets/mnist.py", line 213, in read_data_sets train_images = extract_images(f) file "/usr/local/lib/python2.7/dist-packages/tensorflow/contrib/learn/python/learn/datasets/mnist.py", line 60, in extract_images buf = bytestream.read(rows * cols * num_images) file "/usr/lib/python2.7/gzip.py", line 268, in read self._read(readsize) file
Read more