
NetIQ IDM - Bootstrap your start with the identity application REST API



Bootstrap your start with the identity application REST API:


If you want to experiment with the NetIQ REST API in the identity application (IDMProv), here are a few examples.

These REST APIs are protected by OAuth2 authorization (resource owner password credentials grant).


The first step is to obtain a token. (The client "rbpm" must be enabled in OSP for the resource owner password credentials grant flow.)

The examples are in C#, taken from Postman.

Get an access token:

 // RestSharp, pre-107 API (IRestResponse, Method.POST)
 using System;
 using RestSharp;

 var client = new RestClient("https://<your host>/osp/a/idm/auth/oauth2/grant");
 client.Timeout = -1;
 var request = new RestRequest(Method.POST);
 request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
 // HTTP Basic client authentication for the OAuth2 client "rbpm"
 request.AddHeader("Authorization", "Basic <base64 encoded string of clientid(rbpm):clientsecret>");
 request.AddParameter("grant_type", "password");
 request.AddParameter("client_id", "rbpm");
 request.AddParameter("username", "ldap DN of authorized user");
 request.AddParameter("password", "ldap password for authorized user");
 request.AddParameter("client_secret", "password of clientid(rbpm)");
 IRestResponse response = client.Execute(request);
 // The response body carries the access_token and the refresh_token
 Console.WriteLine(response.Content);

Once you have acquired the access_token, use it as a bearer token and test it against the driver list API:

https://<your host>/IDMProv/rest/admin/driver

 var client = new RestClient("https://<your host>/IDMProv/rest/admin/driver");
 var request = new RestRequest(Method.GET);
 request.AddHeader("Content-Type", "application/json");
 // Present the access token from the previous step as a bearer token
 request.AddHeader("Authorization", "Bearer <access_token>");
 IRestResponse response = client.Execute(request);
 Console.WriteLine(response.Content);

How do you get a new access token from a refresh token?

 var client = new RestClient("https://<your host>/osp/a/idm/auth/oauth2/grant");
 client.Timeout = -1;
 var request = new RestRequest(Method.POST);
 request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
 request.AddHeader("Authorization", "Basic <base64 encoded string of clientid:clientsecret>");
 // Same grant endpoint; only the grant type and the token parameter change
 request.AddParameter("grant_type", "refresh_token");
 request.AddParameter("client_id", "rbpm");
 request.AddParameter("client_secret", "secret of rbpm clientid");
 request.AddParameter("refresh_token", "<refresh_token>");
 IRestResponse response = client.Execute(request);
 Console.WriteLine(response.Content);
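
The password grant and the refresh grant above can be combined into a small token cache, so the user's password is sent once and later access tokens come from the refresh token. This is an added example, not code from the original post or from NetIQ: it uses HttpClient and System.Text.Json instead of RestSharp, the class name OspTokenCache is hypothetical, and it assumes the JSON reply carries access_token, refresh_token and a numeric expires_in.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

// Added example (hypothetical class). Assumes access_token, refresh_token, expires_in in the JSON reply.
public sealed class OspTokenCache
{
    private readonly HttpClient _http;
    private readonly string _grantUrl, _clientId, _clientSecret;
    private string _access, _refresh;
    private DateTimeOffset _expires; // default value counts as already expired

    public OspTokenCache(HttpClient http, string host, string clientId, string clientSecret)
    {
        (_http, _clientId, _clientSecret) = (http, clientId, clientSecret);
        _grantUrl = $"https://{host}/osp/a/idm/auth/oauth2/grant";
    }

    // Password grant: the user's password is sent once and is not stored by this class.
    public Task LoginAsync(string userDn, string password) => GrantAsync(new Dictionary<string, string>
        { ["grant_type"] = "password", ["username"] = userDn, ["password"] = password });

    // Returns a bearer token, renewing it through the refresh grant 30 s before expiry.
    public async Task<string> GetAccessTokenAsync()
    {
        if (DateTimeOffset.UtcNow.AddSeconds(30) < _expires) return _access;
        if (_refresh == null) throw new InvalidOperationException("No refresh token; call LoginAsync.");
        await GrantAsync(new Dictionary<string, string>
            { ["grant_type"] = "refresh_token", ["refresh_token"] = _refresh });
        return _access;
    }

    private async Task GrantAsync(Dictionary<string, string> form)
    {
        form["client_id"] = _clientId; form["client_secret"] = _clientSecret; // body and header, as in the post
        using var req = new HttpRequestMessage(HttpMethod.Post, _grantUrl) { Content = new FormUrlEncodedContent(form) };
        req.Headers.Authorization = new AuthenticationHeaderValue("Basic",
            Convert.ToBase64String(Encoding.UTF8.GetBytes($"{_clientId}:{_clientSecret}")));
        using var resp = await _http.SendAsync(req);
        resp.EnsureSuccessStatusCode();
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        _access = doc.RootElement.GetProperty("access_token").GetString();
        if (doc.RootElement.TryGetProperty("refresh_token", out var r)) _refresh = r.GetString(); // may rotate
        _expires = DateTimeOffset.UtcNow.AddSeconds(doc.RootElement.TryGetProperty("expires_in", out var e) ? e.GetInt32() : 60); // 60 s if absent
    }
}
```

Call LoginAsync once with credentials read from a secret store or environment variable rather than from source code, then send the value returned by GetAccessTokenAsync() in the Authorization: Bearer header of each IDMProv request.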


More info:
https://www.netiq.com/documentation/identity-manager-developer/rest-api-documentation/idmappsdoc/#/



