saml 2.0 - How to add IDPs to OpenAM federation via CREST API?
I know there are REST APIs for OpenAM functions such as self-service, authentication etc., but I'm not able to find the right APIs for adding a remote identity provider etc.
Either I'm missing them, or there are no such REST APIs in OpenAM for some reason: either it was not planned, or it's not yet there in the current release.
Is there a way to register SAML IdPs in OpenAM without using the OpenAM admin console or the ssoadm command?
Pointers to the right code components are appreciated.
In Access Manager 5 (OpenAM 14) you can manage SAML entities using REST APIs. To create a new hosted SAMLv2 IdP you need this:
curl -X POST \
  'http://idp.example.com:8080/openam/json/realm-config/federation/entityproviders/saml2?_action=create' \
  -H 'Content-Type: application/json' \
  -H 'iPlanetDirectoryPro: <admin_session_id>' \
  -d '{
    "_id": "http://idp.example.com:8080/openam",
    "metadata": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n'\
'<EntityDescriptor entityID=\"http://idp.example.com:8080/openam\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n'\
'  <IDPSSODescriptor WantAuthnRequestsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n'\
'    <KeyDescriptor use=\"signing\">\n'\
'      <ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n'\
'        <ds:X509Data>\n'\
'          <ds:X509Certificate>[base64-encoded signing certificate omitted]</ds:X509Certificate>\n'\
'        </ds:X509Data>\n'\
'      </ds:KeyInfo>\n'\
'    </KeyDescriptor>\n'\
'    <ArtifactResolutionService index=\"0\" isDefault=\"true\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/ArtifactResolver/metaAlias/idp\"/>\n'\
'    <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://idp.example.com:8080/openam/IDPSloRedirect/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPSloRedirect/metaAlias/idp\"/>\n'\
'    <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://idp.example.com:8080/openam/IDPSloPOST/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPSloPOST/metaAlias/idp\"/>\n'\
'    <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/IDPSloSoap/metaAlias/idp\"/>\n'\
'    <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://idp.example.com:8080/openam/IDPMniRedirect/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPMniRedirect/metaAlias/idp\"/>\n'\
'    <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://idp.example.com:8080/openam/IDPMniPOST/metaAlias/idp\" ResponseLocation=\"http://idp.example.com:8080/openam/IDPMniPOST/metaAlias/idp\"/>\n'\
'    <ManageNameIDService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/IDPMniSoap/metaAlias/idp\"/>\n'\
'    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>\n'\
'    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n'\
'    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>\n'\
'    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>\n'\
'    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</NameIDFormat>\n'\
'    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</NameIDFormat>\n'\
'    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>\n'\
'    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"http://idp.example.com:8080/openam/SSORedirect/metaAlias/idp\"/>\n'\
'    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"http://idp.example.com:8080/openam/SSOPOST/metaAlias/idp\"/>\n'\
'    <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/SSOSoap/metaAlias/idp\"/>\n'\
'    <NameIDMappingService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/NIMSoap/metaAlias/idp\"/>\n'\
'    <AssertionIDRequestService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\" Location=\"http://idp.example.com:8080/openam/AIDReqSoap/IDPRole/metaAlias/idp\"/>\n'\
'    <AssertionIDRequestService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\" Location=\"http://idp.example.com:8080/openam/AIDReqUri/IDPRole/metaAlias/idp\"/>\n'\
'  </IDPSSODescriptor>\n'\
'</EntityDescriptor>\n\n",
    "entityconfig": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n'\
'<EntityConfig entityID=\"http://idp.example.com:8080/openam\" hosted=\"true\" xmlns=\"urn:sun:fm:SAML:2.0:entityconfig\">\n'\
'  <IDPSSOConfig metaAlias=\"/idp\">\n'\
'    <Attribute name=\"description\"><Value/></Attribute>\n'\
'    <Attribute name=\"signingCertAlias\"><Value>test</Value></Attribute>\n'\
'    <Attribute name=\"encryptionCertAlias\"><Value/></Attribute>\n'\
'    <Attribute name=\"basicAuthOn\"><Value>false</Value></Attribute>\n'\
'    <Attribute name=\"basicAuthUser\"><Value/></Attribute>\n'\
'    <Attribute name=\"basicAuthPassword\"><Value/></Attribute>\n'\
'    <Attribute name=\"autofedEnabled\"><Value>false</Value></Attribute>\n'\
'    <Attribute name=\"autofedAttribute\"><Value/></Attribute>\n'\
'    <Attribute name=\"assertionEffectiveTime\"><Value>600</Value></Attribute>\n'\
'    <Attribute name=\"idpAuthncontextMapper\"><Value>com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper</Value></Attribute>\n'\
'    <Attribute name=\"idpAuthncontextClassrefMapping\"><Value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0||default</Value></Attribute>\n'\
'    <Attribute name=\"idpAccountMapper\"><Value>com.sun.identity.saml2.plugins.DefaultIDPAccountMapper</Value></Attribute>\n'\
'    <Attribute name=\"idpDisableNameIDPersistence\"><Value>false</Value></Attribute>\n'\
'    <Attribute name=\"idpAttributeMapper\"><Value>com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper</Value></Attribute>\n'\
'    <Attribute name=\"assertionIDRequestMapper\"><Value>com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper</Value></Attribute>\n'\
'    <Attribute name=\"nameIDFormatMap\">\n'\
'      <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress=mail</Value>\n'\
'      <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName=</Value>\n'\
'      <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName=</Value>\n'\
'      <Value>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos=</Value>\n'\
'      <Value>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=</Value>\n'\
'    </Attribute>\n'\
'    <Attribute name=\"idpECPSessionMapper\"><Value>com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper</Value></Attribute>\n'\
'    <Attribute name=\"attributeMap\"/>\n'\
'    <Attribute name=\"wantNameIDEncrypted\"><Value/></Attribute>\n'\
'    <Attribute name=\"wantArtifactResolveSigned\"><Value/></Attribute>\n'\
'    <Attribute name=\"wantLogoutRequestSigned\"><Value/></Attribute>\n'\
'    <Attribute name=\"wantLogoutResponseSigned\"><Value/></Attribute>\n'\
'    <Attribute name=\"wantMNIRequestSigned\"><Value/></Attribute>\n'\
'    <Attribute name=\"wantMNIResponseSigned\"><Value/></Attribute>\n'\
'    <Attribute name=\"cotlist\"><Value>test</Value></Attribute>\n'\
'    <Attribute name=\"discoveryBootstrappingEnabled\"><Value>false</Value></Attribute>\n'\
'    <Attribute name=\"assertionCacheEnabled\"><Value>false</Value></Attribute>\n'\
'    <Attribute name=\"assertionNotBeforeTimeSkew\"><Value>600</Value></Attribute>\n'\
'    <Attribute name=\"saeAppSecretList\"/>\n'\
'    <Attribute name=\"saeIDPUrl\"><Value>http://idp.example.com:8080/openam/idpsaehandler/metaAlias/idp</Value></Attribute>\n'\
'    <Attribute name=\"authUrl\"><Value/></Attribute>\n'\
'    <Attribute name=\"appLogoutUrl\"><Value/></Attribute>\n'\
'    <Attribute name=\"idpSessionSyncEnabled\"><Value>false</Value></Attribute>\n'\
'    <Attribute name=\"relayStateUrlList\"/>\n'\
'  </IDPSSOConfig>\n'\
'</EntityConfig>\n\n",
    "_type": { "_id": "saml2", "name": "Entity Descriptor", "collection": true }
  }'
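The body of that create call is two XML documents serialised into JSON strings, and escaping them by hand inside a curl command is easy to get wrong. The script below is an added example, not part of the answer and not OpenAM or ForgeRock code: it takes the metadata and entityconfig as plain XML, checks them for the mistakes AM would either reject or silently accept (mismatched entityID, missing signing certificate, missing metaAlias, clear-text endpoints), lets json.dumps do the escaping, and prepares the same POST. Only the endpoint path and the iPlanetDirectoryPro header are taken from the answer; the sample XML is constructed and trimmed, the certificate value is a placeholder, and obtaining the admin session token is left to the caller.

```python
"""Build and sanity-check the CREST 'create entity provider' request.
Added example; the sample XML is constructed and the cert is a placeholder."""
import json
import urllib.request
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
EC_NS = "urn:sun:fm:SAML:2.0:entityconfig"
# Endpoint path as used in the curl command above (realm-config of the top-level realm).
CREATE_PATH = "/json/realm-config/federation/entityproviders/saml2?_action=create"

# Constructed sample: a hosted IdP trimmed to one signing key and one SSO endpoint.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityDescriptor entityID="http://idp.example.com:8080/openam" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://idp.example.com:8080/openam/SSOPOST/metaAlias/idp"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

SAMPLE_ENTITYCONFIG = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<EntityConfig entityID="http://idp.example.com:8080/openam" hosted="true" xmlns="urn:sun:fm:SAML:2.0:entityconfig">
  <IDPSSOConfig metaAlias="/idp">
    <Attribute name="signingCertAlias"><Value>test</Value></Attribute>
    <Attribute name="cotlist"><Value>test</Value></Attribute>
  </IDPSSOConfig>
</EntityConfig>
"""


def entity_id(metadata_xml):
    """entityID of the EntityDescriptor; the CREST _id must carry the same value."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    return root.attrib["entityID"]


def check_entity(metadata_xml, entityconfig_xml):
    """Return findings: 'error:' entries should block the create call,
    'warning:' entries are worth reviewing before the IdP goes live."""
    findings = []
    md = ET.fromstring(metadata_xml)
    ec = ET.fromstring(entityconfig_xml)
    if ec.get("entityID") != md.get("entityID"):
        findings.append("error: entityID differs between metadata and entityconfig")
    idp = md.find("{%s}IDPSSODescriptor" % MD_NS)
    if idp is None:
        findings.append("error: metadata has no IDPSSODescriptor")
        return findings
    certs = idp.findall(
        "{%s}KeyDescriptor[@use='signing']/{%s}KeyInfo/{%s}X509Data/{%s}X509Certificate"
        % (MD_NS, DS_NS, DS_NS, DS_NS))
    if not any((c.text or "").strip() for c in certs):
        findings.append("error: no signing certificate; SPs cannot verify assertions")
    for el in idp:  # every service endpoint is a direct child of IDPSSODescriptor
        loc = el.get("Location")
        if loc and loc.startswith("http://"):
            findings.append("warning: clear-text endpoint " + loc)
    if ec.get("hosted") == "true":
        cfg = ec.find("{%s}IDPSSOConfig" % EC_NS)
        if cfg is None or not cfg.get("metaAlias"):
            findings.append("error: hosted IdP has no metaAlias in IDPSSOConfig")
    return findings


def build_payload(metadata_xml, entityconfig_xml):
    """JSON body of the create call; json.dumps escapes the quotes and newlines."""
    return json.dumps({
        "_id": entity_id(metadata_xml),
        "metadata": metadata_xml,
        "entityconfig": entityconfig_xml,
        "_type": {"_id": "saml2", "name": "Entity Descriptor", "collection": True},
    })


def create_request(base_url, admin_session_id, payload):
    """Prepared POST for urllib.request.urlopen; the admin SSO token travels in
    the iPlanetDirectoryPro header exactly as in the curl command."""
    return urllib.request.Request(
        base_url.rstrip("/") + CREATE_PATH,
        data=payload.encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json",
                 "iPlanetDirectoryPro": admin_session_id},
    )


if __name__ == "__main__":
    for finding in check_entity(SAMPLE_METADATA, SAMPLE_ENTITYCONFIG):
        print(finding)
    req = create_request("http://idp.example.com:8080/openam", "<admin_session_id>",
                         build_payload(SAMPLE_METADATA, SAMPLE_ENTITYCONFIG))
    print(req.full_url)
    # urllib.request.urlopen(req) would submit it to a live AM instance.
```

In practice the two XML documents are read from files (the hosted metadata AM generates, or the metadata a remote partner hands over), so the check function is where to stop a bad registration: an IdP imported without a signing certificate, or with an entityID that does not match its configuration, is exactly the kind of federation partner that is hard to notice once it is sitting in the circle of trust.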