Manage the Token Attribute Rules

You can view and manage the token attribute rules for a token issuer trust document using the Token Attribute Rule REST API.

The cURL command examples use the URL structure:
http(s)://host:port/wsm-pmrest/v2/trust/{trustname}/attributerule

The following use case shows you how to:

  • Create the token attribute rules

  • Modify the token attribute rules

  • View the token attribute rules

  • Delete the token attribute rules

To manage the token attribute rules using the Token Attribute Rules REST API:

  1. Specify the headers on the cURL command line:
    -H Accept:application/json
  2. Create a token attribute rule with identifier myidentifier1 and issuer name www.abccompany.com in the trusted issuer document myTrustDocument by running the following command:
    curl -i -X POST -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/attributerule

    Example

    curl -i -X POST -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/attributerule
    

    See Create TokenAttributeRule(s).

    The following shows an example of the request body with a single token attribute rule.

    [
      {
        "identifier": "myidentifier1",
        "issuername": "www.abccompany.com"
      }
    ]

    The following shows an example of the response indicating the request succeeded.

    {
      "STATUSCODE": "20101",
      "MESSAGE": "TokenAttributeRule \"[identifier:myidentifier1, issuername:www.abccompany.com]\" are successfully created."
    }

    Note:

    To add the name ID, proxy, virtual user, and attributes to the token attribute rule, see:

  3. Create the token attribute rules for the issuer www.xyzcompany.com with the name ID, virtual user, and attributes added to the trusted issuer document myTrustDocument by running the following command:
    curl -i -X POST -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/attributerule

    Example

    curl -i -X POST -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/attributerule
    

    See Create TokenAttributeRule(s).

    The following shows an example of the request body with a single token attribute rule.

    [
      {
        "issuername": "www.xyzcompany.com",
        "nameid": {
          "nameidAttribute": "nameidattr1",
          "mapping": {
            "userAttribute": "userAttr1",
            "userMappingAttribute": "userMappingAttr1"
          },
          "filter": [
            "filter1",
            "filter2"
          ]
        },
        "virtualuser": {
          "enabled": "true",
          "defaultRoles": [
            "defaultRole1",
            "defaultRole2"
          ],
          "tokenRoleAttributes": [
            "roleAttr1",
            "roleAttr2"
          ],
          "tokenRoleMappings": [
            {
              "tokenRole": "tokenRole1",
              "mappingRoles": [
                "mappingRole1",
                "mappingRole2"
              ]
            }
          ]
        },
        "attributes": [
          {
            "name": "attr1",
            "mapping": {
              "userAttribute": "userAttr1",
              "userMappingAttribute": "userMappingAttr1"
            },
            "filter": [
              "filter11",
              "filter12"
            ]
          },
          {
            "name": "attr2",
            "filter": [
              "filter21",
              "filter22"
            ]
          }
        ]
      }
    ]

    The following shows an example of the response indicating the request succeeded.

    {
      "STATUSCODE": "20101",
      "MESSAGE": "TokenAttributeRule \"[identifier:null, issuername:www.xyzcompany.com]\" are successfully created."
    }
  4. View the details of a specific token attribute rule by specifying the issuername and identifier query parameters:
    curl -i -X GET -u username:password -H Content-type:application/json "http://host:port/wsm-pmrest/v2/trust/{trustname}/attributerule?issuername={IssuerName}&identifier={Identifier}"

    Example

    curl -i -X GET -u Smith:Password -H Content-type:application/json "http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/attributerule?issuername=www.abccompany.com&identifier=myidentifier1"
    
    

    See Get TokenAttributeRule(s).

    The following shows an example of the response body:

    [
      {
        "issuername": "www.abccompany.com",
        "identifier": "myidentifier1"
      }
    ]
  5. View the details for the issuer www.xyzcompany.com by specifying the issuername query parameter:
    curl -i -X GET -u username:password -H Content-type:application/json "http://host:port/wsm-pmrest/v2/trust/{trustname}/attributerule?issuername={IssuerName}&identifier={Identifier}"

    Example

    curl -i -X GET -u Smith:Password -H Content-type:application/json "http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/attributerule?issuername=www.xyzcompany.com"
    

    See Get TokenAttributeRule(s).

    The following shows an example of the response body:

    [
      {
        "issuername": "www.xyzcompany.com",
        "nameid": {
          "mapping": {
            "userAttribute": "userAttr1",
            "userMappingAttribute": "userMappingAttr1"
          },
          "filter": [
            "filter1",
            "filter2"
          ],
          "nameidAttribute": "nameidattr1"
        },
        "virtualuser": {
          "enabled": "true",
          "defaultRoles": [
            "defaultRole1",
            "defaultRole2"
          ],
          "tokenRoleAttributes": [
            "roleAttr1",
            "roleAttr2"
          ],
          "tokenRoleMappings": [
            {
              "tokenRole": "tokenRole1",
              "mappingRoles": [
                "mappingRole1",
                "mappingRole2"
              ]
            }
          ]
        },
        "attributes": [
          {
            "name": "attr1",
            "mapping": {
              "userAttribute": "userAttr1",
              "userMappingAttribute": "userMappingAttr1"
            },
            "filter": [
              "filter11",
              "filter12"
            ]
          },
          {
            "name": "attr2",
            "filter": [
              "filter21",
              "filter22"
            ]
          }
        ]
      }
    ]
  6. Optionally, delete the www.xyzcompany.com attribute rule from the repository by specifying the issuername query parameter:
    curl -i -X DELETE -u username:password -H Content-type:application/json "http://host:port/wsm-pmrest/v2/trust/{trustname}/attributerule?issuername={IssuerName}&identifier={Identifier}"

    Example

    curl -i -X DELETE -u Smith:Password -H Content-type:application/json "http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/attributerule?issuername=www.xyzcompany.com"
    

    See Delete TokenAttributeRule(s).

    The following shows an example of the response indicating the request succeeded.

    {
      "STATUSCODE": "20104",
      "MESSAGE": "Following TokenAttributeRule(s) are successfully deleted: [identifier:null, issuername:www.xyzcompany.com]"
    }
  7. Optionally, delete all the token attribute rules for the myTrustDocument trusted issuer document from the repository by running the following command:
    curl -i -X DELETE -u username:password -H Content-type:application/json http://host:port/wsm-pmrest/v2/trust/{trustname}/attributerule

    Example

    curl -i -X DELETE -u Smith:Password -H Content-type:application/json http://myhost:7001/wsm-pmrest/v2/trust/myTrustDocument/attributerule
    

    See Delete TokenAttributeRule(s).

    The following shows an example of the response indicating the request succeeded.

    {
      "STATUSCODE": "20104",
      "MESSAGE": "Following TokenAttributeRule(s) are successfully deleted: [identifier:myidentifier1, issuername:www.abccompany.com, identifier:null, issuername:www.testcompany.com]"
    }
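
An added example, not part of the original documentation: a short Python review of the JSON returned by the GET requests in steps 4 and 5, listing the roles each rule can assign through its virtualuser section and the name ID or attribute entries that carry no filter. The input is the page's two response bodies, abridged, with the filter on attr2 removed (constructed) so that a finding appears; treating a missing filter as something to review is an assumption about how the rules are applied, and review_rule and review are hypothetical names.

```python
import json

# Abridged from the response bodies above; attr2's filter is removed (constructed).
SAMPLE = json.loads("""
[
  {"issuername": "www.abccompany.com", "identifier": "myidentifier1"},
  {"issuername": "www.xyzcompany.com",
   "nameid": {"nameidAttribute": "nameidattr1", "filter": ["filter1", "filter2"]},
   "virtualuser": {"enabled": "true",
                   "defaultRoles": ["defaultRole1", "defaultRole2"],
                   "tokenRoleAttributes": ["roleAttr1", "roleAttr2"],
                   "tokenRoleMappings": [
                     {"tokenRole": "tokenRole1",
                      "mappingRoles": ["mappingRole1", "mappingRole2"]}]},
   "attributes": [{"name": "attr1", "filter": ["filter11", "filter12"]},
                  {"name": "attr2"}]}
]
""")

def review_rule(rule):
    """Return ((issuername, identifier), reachable roles, findings) for one rule."""
    key = (rule.get("issuername"), rule.get("identifier"))
    roles, findings = set(), []
    vu = rule.get("virtualuser") or {}
    # The API returns "enabled" as the string "true", not a JSON boolean.
    if str(vu.get("enabled", "")).lower() == "true":
        roles.update(vu.get("defaultRoles", []))
        for mapping in vu.get("tokenRoleMappings", []):
            roles.update(mapping.get("mappingRoles", []))
        if vu.get("defaultRoles"):
            findings.append("virtualuser grants defaultRoles")
    # Assumption: an entry without a filter accepts any value the issuer asserts.
    if not (rule.get("nameid") or {}).get("filter"):
        findings.append("no nameid filter")
    for attr in rule.get("attributes", []):
        if not attr.get("filter"):
            findings.append(f"attribute {attr.get('name')} has no filter")
    return key, sorted(roles), findings

def review(rules):
    """Review every rule in a GET .../attributerule response body."""
    return [review_rule(rule) for rule in rules]

if __name__ == "__main__":
    for key, roles, findings in review(SAMPLE):
        print(key, roles, findings)
```
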