You can view and manage the role mappings for the virtual users using the Token Attribute Rule REST API.
The cURL command examples use the URL structure:
http://host:port/wsm-pmrest/v2/trust/{aTrustDocName}/attributerule/{anIssuerName}/{anIdentifier}/virtualuser/rolemapping
The following use case shows you how to:
-
Create role mappings
-
View role mappings
-
Modify role mappings
-
Delete role mappings
To manage role mappings for the virtual users:
- Specify the headers on the cURL command line:
-H Accept:application/json
- Set the role mapping and role attribute for the virtual user by running the following command:
curl -i -X POST -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustdocumentName}/attributerule/{issuername}/{identifier}/virtualuser/rolemapping
Example
curl -i -X POST -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/attributerule/myIssuer1/myidentifier1/virtualuser/rolemapping
See Create TokenRoleMapping(s).
The following shows an example of the request body.
[
{
"tokenRole": "tokenRole1",
"mappingRoles": [
"mappingRole11",
"mappingRole12"
]
}
]
The following shows an example of the response indicating the request succeeded.
{ "STATUSCODE": "20131", "MESSAGE": "RoleMapping \"[tokenRole:tokenRole1]\" are successfully created." }
- Modify the mapping roles (
mappingRole1 and mappingRole2) for the virtual user to manager and executer by running the following command:
curl -i -X PATCH -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustdocumentName}/attributerule/{issuername}/{identifier}/virtualuser/rolemapping
Example
curl -i -X PATCH -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/attributerule/myIssuer1/myidentifier1/virtualuser/rolemapping
See Update TokenRoleMapping(s).
The following shows an example of the request body:
[
{
"tokenRole": "tokenRole1",
"mappingRoles": [
"manager",
"executer"
]
}
]
The following shows an example of the response indicating the request succeeded.
{
"STATUSCODE": "20132",
"MESSAGE": "RoleMapping \"[tokenRole:tokenRole1]\" are successfully updated."
}
- View the role mappings for the virtual user by running the following command:
curl -i -X GET -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustdocumentName}/attributerule/{issuername}/{identifier}/virtualuser/rolemapping
Example
curl -i -X GET -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/attributerule/myIssuer1/myidentifier1/virtualuser/rolemapping
See Get TokenRoleMapping(s).
The following shows an example of the response indicating the request succeeded.
[
{
"tokenRole": "tokenRole1",
"mappingRoles": [
"manager",
"executer"
]
}
]
- Optionally, delete the role mappings for the virtual user by running the following command:
curl -i -X DELETE -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustdocumentName}/attributerule/{issuername}/{identifier}/virtualuser/rolemapping
Example
curl -i -X DELETE -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/attributerule/myIssuer1/myidentifier1/virtualuser/rolemapping
See Delete TokenRoleMapping(s).
The following shows an example of the response indicating the request succeeded.
{
"STATUSCODE": "20134",
"MESSAGE": "RoleMapping \"[tokenRole:tokenRole1]\" are successfully deleted"
}