
NetIQ IDM - Bootstrap your start with the identity application REST API



Bootstrap your start with the identity application REST API:


If you want to experiment with the NetIQ REST API exposed by the identity application (IDMProv), here are a few examples.

These REST APIs are protected by OAuth 2.0. The examples use the resource owner password credentials grant, in which the calling client collects the user's LDAP credentials itself and sends them to the token endpoint. That grant is only appropriate for a trusted first-party client (it was dropped from the OAuth 2.1 draft), so keep it for scripts and integrations you control, call the endpoints over HTTPS with certificate validation enabled, and treat the client secret, the access token and the refresh token as secrets (do not log them or commit them to source control).


The first step is to obtain a token. The OAuth client "rbpm" must have the resource owner password credentials grant enabled in OSP (the One SSO Provider that fronts the identity applications).

The examples below are C# (RestSharp) snippets as exported by Postman:

Get an access token:

 using System;  
 using RestSharp;  
  
 // POST to the OSP token endpoint using the resource owner password credentials grant.  
 var client = new RestClient("https://<your host>/osp/a/idm/auth/oauth2/grant");  
 client.Timeout = -1;  
 var request = new RestRequest(Method.POST);  
 request.AddHeader("Content-Type", "application/x-www-form-urlencoded");  
 // Client authentication: the value is base64("rbpm:<client secret>").  
 request.AddHeader("Authorization", "Basic <base64 of rbpm:clientsecret>");  
 request.AddParameter("grant_type", "password");  
 request.AddParameter("client_id", "rbpm");  
 request.AddParameter("username", "LDAP DN of the authorized user");  
 request.AddParameter("password", "LDAP password of the authorized user");  
 request.AddParameter("client_secret", "client secret of rbpm");  
 IRestResponse response = client.Execute(request);  
 // The JSON response carries access_token and refresh_token, among other fields.  
 Console.WriteLine(response.Content);  

Once you have the access_token, use it as a Bearer token. A quick way to test it is the driver list API:

https://<your host>/IDMProv/rest/admin/driver

 using System;  
 using RestSharp;  
  
 // GET the driver list with the access token from the previous step.  
 var client = new RestClient("https://<your host>/IDMProv/rest/admin/driver");  
 var request = new RestRequest(Method.GET);  
 request.AddHeader("Accept", "application/json");  
 request.AddHeader("Authorization", "Bearer <access_token>");  
 IRestResponse response = client.Execute(request);  
 Console.WriteLine(response.Content);  

How to get a new access token from the refresh token (without sending the user's password again):

 using System;  
 using RestSharp;  
  
 // POST to the same token endpoint with grant_type=refresh_token.  
 var client = new RestClient("https://<your host>/osp/a/idm/auth/oauth2/grant");  
 client.Timeout = -1;  
 var request = new RestRequest(Method.POST);  
 request.AddHeader("Content-Type", "application/x-www-form-urlencoded");  
 request.AddHeader("Authorization", "Basic <base64 of rbpm:clientsecret>");  
 request.AddParameter("grant_type", "refresh_token");  
 request.AddParameter("client_id", "rbpm");  
 request.AddParameter("client_secret", "client secret of rbpm");  
 request.AddParameter("refresh_token", "<refresh_token>");  
 IRestResponse response = client.Execute(request);  
 // The response carries a fresh access_token (and possibly a new refresh_token).  
 Console.WriteLine(response.Content);  
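The three steps above (password grant, Bearer call, refresh) as one small stdlib-only Python client. This is an added example and is not part of the original post or NetIQ's own code. Beyond the endpoint paths shown in the post, it assumes: the token endpoint returns a standard OAuth 2.0 JSON body (access_token, token_type, expires_in, refresh_token); the host, client secret and user credentials are supplied through the environment variables named in the block; the client credentials are sent once, in the Basic header, rather than in both header and body as the Postman export does (add them to the body if your OSP build insists on it); and the 60-second refresh margin is an arbitrary policy choice.

```python
"""Minimal OSP / IDMProv REST client (added example, not NetIQ code)."""
import base64
import json
import os
import ssl
import time
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Optional

TOKEN_PATH = "/osp/a/idm/auth/oauth2/grant"   # from the post
DRIVER_PATH = "/IDMProv/rest/admin/driver"    # from the post
REFRESH_SKEW = 60  # assumed policy: refresh this many seconds before expiry


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """HTTP Basic value carrying the OAuth client credentials (rbpm:<secret>)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def password_grant_body(client_id: str, username: str, password: str) -> bytes:
    """Form body for the resource owner password credentials grant."""
    return urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "username": username,   # LDAP DN; urlencode escapes '=' and ','
        "password": password,
    }).encode("utf-8")


def refresh_grant_body(client_id: str, refresh_token: str) -> bytes:
    """Form body for exchanging a refresh token for a new access token."""
    return urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
    }).encode("utf-8")


@dataclass
class Token:
    access_token: str
    refresh_token: Optional[str]
    expires_at: float  # epoch seconds

    @classmethod
    def from_response(cls, body: dict, now: float) -> "Token":
        """Parse a standard OAuth 2.0 token response; reject error bodies."""
        if "access_token" not in body:
            raise ValueError(f"token request failed: {body.get('error', body)}")
        expires_in = int(body.get("expires_in", 0))
        return cls(body["access_token"], body.get("refresh_token"), now + expires_in)

    def needs_refresh(self, now: float) -> bool:
        return now >= self.expires_at - REFRESH_SKEW


class OspClient:
    """Token lifecycle for one OAuth client against OSP, plus one IDMProv call."""

    def __init__(self, host: str, client_id: str, client_secret: str):
        self.base = f"https://{host}"
        self.client_id = client_id
        self._basic = basic_auth_header(client_id, client_secret)
        self._ctx = ssl.create_default_context()  # certificate validation stays on
        self.token = None  # type: Optional[Token]

    def _post_form(self, body: bytes) -> dict:
        req = urllib.request.Request(self.base + TOKEN_PATH, data=body, method="POST")
        req.add_header("Content-Type", "application/x-www-form-urlencoded")
        req.add_header("Authorization", self._basic)
        with urllib.request.urlopen(req, context=self._ctx, timeout=30) as resp:
            return json.load(resp)

    def login(self, username: str, password: str) -> None:
        body = self._post_form(password_grant_body(self.client_id, username, password))
        self.token = Token.from_response(body, time.time())

    def refresh(self) -> None:
        if self.token is None or not self.token.refresh_token:
            raise RuntimeError("no refresh token held; call login() first")
        body = self._post_form(refresh_grant_body(self.client_id, self.token.refresh_token))
        self.token = Token.from_response(body, time.time())

    def bearer(self) -> str:
        """Authorization header value, refreshing first if the token is near expiry."""
        if self.token is None:
            raise RuntimeError("call login() first")
        if self.token.needs_refresh(time.time()) and self.token.refresh_token:
            self.refresh()
        return "Bearer " + self.token.access_token

    def list_drivers(self):
        req = urllib.request.Request(self.base + DRIVER_PATH, method="GET")
        req.add_header("Accept", "application/json")
        req.add_header("Authorization", self.bearer())
        with urllib.request.urlopen(req, context=self._ctx, timeout=30) as resp:
            return json.load(resp)


if __name__ == "__main__":
    # Assumed environment variable names; never hard-code the secret or password.
    c = OspClient(os.environ["IDM_HOST"], "rbpm", os.environ["RBPM_CLIENT_SECRET"])
    c.login(os.environ["IDM_USER_DN"], os.environ["IDM_USER_PASSWORD"])
    print(json.dumps(c.list_drivers(), indent=2))
```

The token is kept only in memory and is never printed; `bearer()` refreshes it ahead of expiry so callers do not have to handle a 401 on every expired token, and an OAuth error body (no access_token) raises instead of being silently treated as a token.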


More info:
https://www.netiq.com/documentation/identity-manager-developer/rest-api-documentation/idmappsdoc/#/



