This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Using the Service Provider API
This section guides you through using the Identity Application Management API to create a service provider, update it, delete it and the different operations you can use to work with it. See Calling Admin Services to enable the admin service. The following operations are available:
The service contract of this admin service can be found at https://<IS_HOST>:<IS_PORT>/services/IdentityApplicationManagementService?wsdl. Replace the tag <IS_HOST>:<IS_PORT> with the relevant host and port number, for example: https://localhost:9443/services/IdentityApplicationManagementService?wsdl
createApplication
Permission Level: /permission/admin/manage
Creating an application via Identity Application Management Service is a two step process. The first step involves creating a service provider for the given application name and the description. The next step will update it with other configurations. The createApplication
operation performs the first step i.e, it creates a service provider in the Identity Server for the application name and description, and returns the application ID.
Input parameters
Parameter | Type | Description |
---|---|---|
applicationName | String | The desired service provider name. Adding a service provider creates an internal application role for the given name as Internal/<applicationName>. Thus, creating another service provider for the name is not possible and will throw an IdentityApplicationManagementException. |
description | String | Some text describing the service provider |
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:createApplication> <!--Optional:--> <xsd:serviceProvider> <!--Optional:--> <xsd1:applicationID>?</xsd1:applicationID> <!--Optional:--> <xsd1:applicationName>?</xsd1:applicationName> <!--Optional:--> <xsd1:claimConfig> </xsd1:claimConfig> <!--Optional:--> <xsd1:description>?</xsd1:description> <!--Optional:--> <xsd1:inboundAuthenticationConfig>...</xsd1:inboundAuthenticationConfig> <!--Optional:--> <xsd1:inboundProvisioningConfig>...</xsd1:inboundProvisioningConfig> <!--Optional:--> <xsd1:localAndOutBoundAuthenticationConfig>...</xsd1:localAndOutBoundAuthenticationConfig> <!--Optional:--> <xsd1:outboundProvisioningConfig>...</xsd1:outboundProvisioningConfig> <!--Optional:--> <xsd1:owner>...</xsd1:owner> <!--Optional:--> <xsd1:permissionAndRoleConfig>...</xsd1:permissionAndRoleConfig> <!--Zero or more repetitions:--> <xsd1:requestPathAuthenticatorConfigs>...</xsd1:requestPathAuthenticatorConfigs> <!--Optional:--> <xsd1:saasApp>?</xsd1:saasApp> </xsd:serviceProvider> </xsd:createApplication> </soapenv:Body> </soapenv:Envelope>
Response:
<soap:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"> <soap:Body> <ns:createApplicationResponse xmlns:ns="http://org.apache.axis2/xsd"> <ns:return>4</ns:return> </ns:createApplicationResponse> </soap:Body> </soap:Envelope>
updateApplication
Permission Level: /permission/admin/manage
After creating the service provider, it can be configured and updated with the following configurations:
- Claim configuration
- Role/Permission configuration
- Inbound and Outbound authentication configuration
- Inbound and Outbound provisioning configuration
The service provider is updated based on its applicationId. The format of the update request should be as follows.
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://model.common.application.identity.carbon.wso2.org/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:updateApplication> <!--Optional:--> <xsd:serviceProvider> <!--Optional:--> <xsd1:applicationID>?</xsd1:applicationID> <!--Optional:--> <xsd1:applicationName>?</xsd1:applicationName> <!--Optional:--> <xsd1:claimConfig> </xsd1:claimConfig> <!--Optional:--> <xsd1:description>?</xsd1:description> <!--Optional:--> <xsd1:inboundAuthenticationConfig>...</xsd1:inboundAuthenticationConfig> <!--Optional:--> <xsd1:inboundProvisioningConfig>...</xsd1:inboundProvisioningConfig> <!--Optional:--> <xsd1:localAndOutBoundAuthenticationConfig>...</xsd1:localAndOutBoundAuthenticationConfig> <!--Optional:--> <xsd1:outboundProvisioningConfig>...</xsd1:outboundProvisioningConfig> <!--Optional:--> <xsd1:owner>...</xsd1:owner> <!--Optional:--> <xsd1:permissionAndRoleConfig>...</xsd1:permissionAndRoleConfig> <!--Zero or more repetitions:--> <xsd1:requestPathAuthenticatorConfigs>...</xsd1:requestPathAuthenticatorConfigs> <!--Optional:--> <xsd1:saasApp>?</xsd1:saasApp> </xsd:serviceProvider> </xsd:updateApplication> </soapenv:Body> </soapenv:Envelope>
Response:
None
Input parameters
Service provider level parameters
Parameter | Type | Description |
---|---|---|
applicationID | Integer | Application ID of the service provider. This is mandatory when updating the SP |
applicationName | String | Service provider name |
claimConfig | ClaimConfig | Claims related configurations |
description | String | Description of the SP |
inboundAuthenticationConfig | InboundAuthenticationConfig | Inbound authentication related configurations |
inboundProvisioningConfig | InboundProvisioningConfig | Inbound provisioning related configurations |
localAndOutBoundAuthenticationConfig | LocalAndOutboundAuthenticationConfig | Local and outbound authentication |
outboundProvisioningConfig | OutboundProvisioningConfig | - |
owner | User | - |
permissionAndRoleConfig | PermissionsAndRoleConfig | - |
requestPathAuthenticatorConfigs | RequestPathAuthenticatorConfig | - |
saasApp | Optional | This parameter allows you to determine whether the service provider is a SaaS application. true - enable SaaS application false - disable SaaS application If no value is passed for this parameter, the service provider is marked as SaaS disabled by default. Thus, t he web application is not shared among tenants so only users in the current tenant (the one you are logged in when creating the service provider) are allowed to log into the web application. Alternatively, if you enabled SaaS application, that means this web application is shared among tenants so users from any tenant are allowed to log into the web application. |
Claim configuration level parameters
The <claimConfig> element defines all claim configuration level inputs. This element can have zero or more <claimMappings>
elements that specify claims referred by this service provider. A <claimMappings>
element includes two elements; <localClaim>
and <remoteClaim>
where each is represented by a claimId and a claimURI. The <localClaim>
denotes a standard claim which is local to the WSO2 Identity Server and the <remoteClaim>
denotes some remote claim value that maps to the local claim under the same claim mapping. Remote claims are specifically used with identity federation scenarios to map claims received from the federated Identity Provider to local claims.
Parameter | Type | Description |
---|---|---|
alwaysSendMappedLocalSubjectId | Boolean | |
localClaimDialect | Boolean | This is a boolean that specifies whether this service provider is using the local claim dialect or a custom claim dialect. true - using the local claim dialect false - using the custom claim dialect If it is using the custom claim dialect, the local claim should map with a remote claim in each claim mapping otherwise, both the local claim URI and the remote claim URI should be the same (i.e. a URI defined under a dialect local to the WSO2 Identity Server). |
claimMappings.localClaim.claimId claimMappings.remoteClaim.claimId | Integer | Integer value that identifies the claim. Applies to both localClaim and remoteClaim elements. |
claimMappings.localClaim.claimUri claimMappings.remoteClaim.claimUri | String | URI specific to the claim. Applies to both localClaim and remoteClaim elements. When defined under localClaim, this is a URI defined under the dialect specific to the claim. If defined under the remoteClaim, this is a remote claim URI which maps with the local claim defined under the same parent claimMappings element. If only the local claim dialect is used, the same claimURI in localClaim should be used with claimURI in remoteClaim, since there are no explicit local to remote claim mappings. |
claimMappings.requested | Boolean | This is a boolean that marks a mapped claim as a requested claim which ensures that the service provider definitely sends this claim to the Identity Server. true - mark as requested false - mark as not requested |
idpClaims.claimId | Integer | No usage found |
idpClaims.claimUri | String | No usage found |
roleClaimURI | String | Role claim URI is used to identify the claim that equates to the role of the user. This is linked to the permissions that you can apply for specific user roles. This is a remote claim URI mapped via claim mappings. |
userClaimURI | String | No usage found |
Permissions and roles configuration parameters
The
<permissionAndRoleConfig>
element defines all permission and role configuration level inputs. Under this element, specific permissions can be specified via zero or more <permissions>
blocks.
Parameter | Type | Description |
---|---|---|
permissions.value | String | A string value that defines a service provider specific permission. This permission is added under |
Once the permissions are specified, the roles specific to the service provider can be mapped to local roles defined in the Identity Server via zero or more <roleMappings>
blocks. A <roleMappings>
block includes a <localRole>
element and a <remoteRole>
element. The <localRole>
represents a local role defined in the identity server and the <remoteRole>
represents the service provider specific role that you want to map to the local role.
Parameter | Type | Description |
---|---|---|
localRole.localRoleName | String | This is the name of the local role which is defined in Identity Server. |
localRole.userStoreId | String | No usage found |
remoteRole | String | Role specific to the service provider |
<xsd1:permissionAndRoleConfig> <!--Zero or more repetitions:--> <xsd1:permissions> <!--Optional:--> <xsd1:value>/admin1/</xsd1:value> </xsd1:permissions> <!--Zero or more repetitions:--> <xsd1:roleMappings> <!--Optional:--> <xsd1:localRole> <!--Optional:--> <xsd1:localRoleName>http://wso2.org/claims/lastname</xsd1:localRoleName> <!--Optional:--> <xsd1:userStoreId></xsd1:userStoreId> </xsd1:localRole> <!--Optional:--> <xsd1:remoteRole>lastname</xsd1:remoteRole> </xsd1:roleMappings>undefined </xsd1:permissionAndRoleConfig>
Inbound authentication
Inbound Authentication Configuration defines the protocol that the service provider and the Identity Server uses to communicate. You can add a common set of configurations for the service provider for any protocol such as SAML 2.0, OpenID, OpenID Connect, OAuth 2.0, and WS-Federation (passive) that is supported by WSO2 Identity Server .
The
<inboundAuthenticationConfig>
element consists of an authentication key, authentication type, and a set of properties.
Parameter | Type | Description |
---|---|---|
inboundAuthenticationRequestConfigs | InboundAuthenticationRequestConfig | Zero or more inbound authentication request configurations. |
inboundAuthKey | String | Specify an identifier for the service provider as the authentication key. |
inboundAuthType | String | Specify the authentication type. ex: samlsso, oauth2, wstrust, passivests, |
properties | Property | Inbound authentication request properties |
properties.name | String | Specify the property name |
properties.value | String | Specify the property value |
Inbound provisioning configuration
The inbound provisioning of the service provider can be configured.
Parameter | Type | Description |
---|---|---|
provisioningEnabled | Boolean | - |
provisioningUserStore | String | User store domain name |
<xsd1:inboundProvisioningConfig> <!--Optional:--> <xsd1:provisioningEnabled>false</xsd1:provisioningEnabled> <!--Optional:--> <xsd1:provisioningUserStore>PRIMARY</xsd1:provisioningUserStore> </xsd1:inboundProvisioningConfig>
Local and outbound authentication configuration
Parameter | Type | Description |
---|---|---|
alwaysSendBackAuthenticatedListOfIdPs | boolean | Always send back the authenticated list of identity providers. true - send authenticated list of IdPs false - do not send authenticated list of IdPs |
authenticationStepForAttributes | AuthenticationStep | //No Usage found |
authenticationStepForSubject | AuthenticationStep | //No Usage found |
authenticationSteps | AuthenticationStep | Zero or more authentication steps |
authenticationSteps.attributeStep | boolean | true - Use attributes from the current step |
authenticationSteps.federatedIdentityProviders | IdentityProvider | To configure federated IdPs, there should be one or more registered IdPs with at least one federated authenticator enabled. With the request, it is necessary to include the IdP name and the federated authenticator name. The federated authenticator should be enabled in the IdP. If a federated authenticator is not mentioned, the default federated authenticator for the IdP will be used. |
authenticationSteps.localAuthenticatorConfigs | LocalAuthenticatorConfigs | Local authentication related configs for the authentication step. For example, you can specify whether to use a basic or an IWA authenticator. To use basic, localAuthenticatorConfigs.name should be 'BasicAuthenticator' while 'IWAAuthenticator' for iwa. |
authenticationSteps.stepOrder | int | Execution order of the step |
authenticationSteps.subjectStep | boolean | true - Use subject identifier from this step |
authenticationType | String | Depending on the requirement, the authentication type can be specified. The available types are: default,local,federated,flow. Refer the sample requests below on each authentication type configuration. |
subjectClaimUri | String | Subject claim URI |
Default
<xsd1:localAndOutBoundAuthenticationConfig> <!--Optional:--> <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs> <!--Optional:--> <xsd1:authenticationType>default</xsd1:authenticationType> <xsd1:subjectClaimUri /> </xsd1:localAndOutBoundAuthenticationConfig>
Local
Since there is only one <authenticationSteps>
element configured here, there is no need to set the authenticationSteps.stepOrder
, authenticationSteps.subjectStep, authenticationSteps.attributeStep
attributes.
<xsd1:localAndOutBoundAuthenticationConfig> <!--Optional:--> <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs> <!--Zero or more repetitions:--> <xsd1:authenticationSteps> <!--Optional:--> <xsd1:localAuthenticatorConfigs> <!--Optional:--> <xsd1:name>BasicAuthenticator</xsd1:name> </xsd1:localAuthenticatorConfigs> </xsd1:authenticationSteps> <!--Optional:--> <xsd1:authenticationType>local</xsd1:authenticationType> <xsd1:subjectClaimUri /> </xsd1:localAndOutBoundAuthenticationConfig>
Federated
Since there is only one <authenticationSteps>
configured here, there is no need to set the authenticationSteps.stepOrder, authenticationSteps.subjectStep, authenticationSteps.attributeStep
attributes.
<xsd1:localAndOutBoundAuthenticationConfig> <!--Optional:--> <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs> <!--Zero or more repetitions:--> <xsd1:authenticationSteps> <!--Zero or more repetitions:--> <xsd1:federatedIdentityProviders> <!--Optional:--> <xsd1:identityProviderName>TestIdP</xsd1:identityProviderName> </xsd1:federatedIdentityProviders> </xsd1:authenticationSteps> <!--Optional:--> <xsd1:authenticationType>federated</xsd1:authenticationType> <xsd1:subjectClaimUri /> </xsd1:localAndOutBoundAuthenticationConfig>
<
authenticationSteps>
can be configured here. Therefore, in each <authenticationSteps>
, the stepOrder and whether the subject identifiers and attributes should be used from that particular step.<xsd1:localAndOutBoundAuthenticationConfig> <!--Optional:--> <xsd1:alwaysSendBackAuthenticatedListOfIdPs>false</xsd1:alwaysSendBackAuthenticatedListOfIdPs> <!--Zero or more repetitions:--> <xsd1:authenticationSteps> <!--Optional:--> <xsd1:attributeStep>true</xsd1:attributeStep> <!--Zero or more repetitions:--> <xsd1:federatedIdentityProviders> <defaultAuthenticatorConfig> <name>FacebookAuthenticator-v2</name> </defaultAuthenticatorConfig> <!--Zero or more repetitions:--> <xsd1:federatedAuthenticatorConfigs> <!--Optional:--> <xsd1:name>FacebookAuthenticator-v2</xsd1:name> </xsd1:federatedAuthenticatorConfigs> <!--Optional:--> <xsd1:identityProviderName>TestIdP</xsd1:identityProviderName> </xsd1:federatedIdentityProviders> <!--Zero or more repetitions:--> <xsd1:localAuthenticatorConfigs> <!--Optional:--> <xsd1:name>BasicAuthenticator</xsd1:name> </xsd1:localAuthenticatorConfigs> <!--Optional:--> <xsd1:stepOrder>1</xsd1:stepOrder> <!--Optional:--> <xsd1:subjectStep>true</xsd1:subjectStep> </xsd1:authenticationSteps> <!--Optional:--> <xsd1:authenticationType>flow</xsd1:authenticationType> <xsd1:subjectClaimUri /> </xsd1:localAndOutBoundAuthenticationConfig>
Request path authenticator configuration
Specify configurations related to zero or more request path authenticators.
Parameter | Type | Description |
---|---|---|
displayName | String | //No Usage found |
enabled | Boolean | true - enable false - deisable |
name | String | OAuthRequestPathAuthenticator BasicAuthRequestPathAuthenticator |
valid | boolean | true - valid false - invalid |
properties | Property | //No Usage found |
<xsd1:requestPathAuthenticatorConfigs> <!--Optional:--> <xsd1:displayName >Display Name</xsd1:displayName> <!--Optional:--> <xsd1:enabled>true</xsd1:enabled> <!--Optional:--> <xsd1:name>OAuthRequestPathAuthenticator</xsd1:name> <!--Optional:--> <xsd1:valid>true</xsd1:valid> <xsd1:properties/> </xsd1:requestPathAuthenticatorConfigs> <xsd1:requestPathAuthenticatorConfigs> <!--Optional:--> <xsd1:displayName >nm</xsd1:displayName> <!--Optional:--> <xsd1:enabled>true</xsd1:enabled> <!--Optional:--> <xsd1:name>BasicAuthRequestPathAuthenticator</xsd1:name> <!--Optional:--> <xsd1:valid>true</xsd1:valid> <xsd1:properties/> </xsd1:requestPathAuthenticatorConfigs>
Outbound provisioning configuration
To configure the outbound provisioning of the service provider, use the following parameters.
Parameter | Type | Description |
---|---|---|
provisionByRoleList | String | - |
provisioningIdentityProviders | IdentityProvider | To configure provisioning IdPs, there should be one or more registered IdPs, with at least one outbound provisioning connector enabled. Include the IdP name and provisioning connector name and specify whether to enable JiT provisioning with the request. |
Request:
<xsd1:outboundProvisioningConfig> <!--Zero or more repetitions:--> <xsd1:provisionByRoleList></xsd1:provisionByRoleList> <!--Zero or more repetitions:--> <xsd1:provisioningIdentityProviders> <!--Optional:--> <xsd1:defaultProvisioningConnectorConfig> <!--Optional:--> <xsd1:blocking>true</xsd1:blocking> <!--Optional:--> <xsd1:name>spml</xsd1:name> </xsd1:defaultProvisioningConnectorConfig> <!--Optional:--> <xsd1:identityProviderName>TestIdP</xsd1:identityProviderName> <!--Optional:--> <xsd1:justInTimeProvisioningConfig > <!--Optional:--> <xsd1:provisioningEnabled>true</xsd1:provisioningEnabled> </xsd1:justInTimeProvisioningConfig> </xsd1:provisioningIdentityProviders> </xsd1:outboundProvisioningConfig>
deleteApplication
Permission Level: /permission/admin/manage
A service provider is deleted based on the application name. The input parameters and the format of the request should be as follows.
Input parameters
Parameter | Type | Description |
---|---|---|
applicationName | String | Name of the application |
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:deleteApplication> <!--Optional:--> <xsd:applicationName>TestSP</xsd:applicationName> </xsd:deleteApplication> </soapenv:Body> </soapenv:Envelope>
Response:
None
getAllApplicationBasicInfo
Permission Level: /permission/admin/manage
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:getAllApplicationBasicInfo/> </soapenv:Body> </soapenv:Envelope>
Response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns:getAllApplicationBasicInfoResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd"> <ns:return xsi:type="ax2117:ApplicationBasicInfo" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2117:applicationName>TestSP1</ax2117:applicationName> <ax2117:description>Test Service Provider-1</ax2117:description> </ns:return> </ns:getAllApplicationBasicInfoResponse> </soapenv:Body> </soapenv:Envelope>
getAllIdentityProviders
Permission Level: /permission/admin/manage
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:getAllIdentityProviders/> </soapenv:Body> </soapenv:Envelope>
Response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns:getAllIdentityProvidersResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd"> <ns:return xsi:type="ax2117:IdentityProvider" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2117:alias xsi:nil="true"/> <ax2117:certificate xsi:nil="true"/> <ax2117:claimConfig xsi:nil="true"/> <ax2117:defaultAuthenticatorConfig xsi:nil="true"/> <ax2117:defaultProvisioningConnectorConfig xsi:nil="true"/> <ax2117:displayName xsi:nil="true"/> <ax2117:enable>true</ax2117:enable> <ax2117:federatedAuthenticatorConfigs xsi:type="ax2117:FederatedAuthenticatorConfig"> ...</ax2117:federatedAuthenticatorConfigs> <ax2117:federationHub>false</ax2117:federationHub> <ax2117:homeRealmId xsi:nil="true"/> <ax2117:identityProviderDescription xsi:nil="true"/> <ax2117:identityProviderName>TestIdP</ax2117:identityProviderName> <ax2117:justInTimeProvisioningConfig xsi:nil="true"/> <ax2117:permissionAndRoleConfig xsi:nil="true"/> <ax2117:primary>false</ax2117:primary> <ax2117:provisioningConnectorConfigs xsi:type="ax2117:ProvisioningConnectorConfig">... </ax2117:provisioningConnectorConfigs> <ax2117:provisioningRole xsi:nil="true"/> </ns:return> </ns:getAllIdentityProvidersResponse> </soapenv:Body> </soapenv:Envelope>
getAllLocalAuthenticators
Permission Level: /permission/admin/manage
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:getAllLocalAuthenticators/> </soapenv:Body> </soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns:getAllLocalAuthenticatorsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd"> <ns:return xsi:type="ax2117:LocalAuthenticatorConfig" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2117:displayName>basic</ax2117:displayName> <ax2117:enabled>false</ax2117:enabled> <ax2117:name>BasicAuthenticator</ax2117:name> <ax2117:valid>true</ax2117:valid> </ns:return> <ns:return xsi:type="ax2117:LocalAuthenticatorConfig" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2117:displayName>iwa</ax2117:displayName> <ax2117:enabled>false</ax2117:enabled> <ax2117:name>IWAAuthenticator</ax2117:name> <ax2117:valid>true</ax2117:valid> </ns:return> </ns:getAllLocalAuthenticatorsResponse> </soapenv:Body> </soapenv:Envelope>
getAllLocalClaimUris
Permission Level: /permission/admin/manage
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:getAllLocalClaimUris/> </soapenv:Body> </soapenv:Envelope>
Response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns:getAllLocalClaimUrisResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd"> <ns:return>http://wso2.org/claims/otherphone</ns:return> <ns:return>http://wso2.org/claims/dob</ns:return> <ns:return>http://wso2.org/claims/primaryChallengeQuestion</ns:return> <ns:return>http://wso2.org/claims/role</ns:return> <ns:return>http://wso2.org/claims/challengeQuestion1</ns:return> <ns:return>http://wso2.org/claims/telephone</ns:return> <ns:return>http://wso2.org/claims/mobile</ns:return> <ns:return>http://wso2.org/claims/country</ns:return> <ns:return>http://wso2.org/claims/challengeQuestionUris</ns:return> <ns:return>http://wso2.org/claims/postalcode</ns:return> <ns:return>http://wso2.org/claims/challengeQuestion2</ns:return> <ns:return>http://wso2.org/claims/identity/accountLocked</ns:return> <ns:return>http://wso2.org/claims/nickname</ns:return> <ns:return>http://wso2.org/claims/streetaddress</ns:return> <ns:return>http://wso2.org/claims/url</ns:return> <ns:return>http://wso2.org/claims/givenname</ns:return> <ns:return>http://wso2.org/claims/emailaddress</ns:return> <ns:return>http://wso2.org/claims/oneTimePassword</ns:return> <ns:return>http://wso2.org/claims/region</ns:return> <ns:return>http://wso2.org/claims/gender</ns:return> <ns:return>http://wso2.org/claims/fullname</ns:return> <ns:return>http://wso2.org/claims/passwordTimestamp</ns:return> <ns:return>http://wso2.org/claims/title</ns:return> <ns:return>http://wso2.org/claims/locality</ns:return> <ns:return>http://wso2.org/claims/stateorprovince</ns:return> <ns:return>http://wso2.org/claims/im</ns:return> <ns:return>http://wso2.org/claims/organization</ns:return> <ns:return>http://wso2.org/claims/lastname</ns:return> </ns:getAllLocalClaimUrisResponse> </soapenv:Body> </soapenv:Envelope>
getAllRequestPathAuthenticators
Permission Level: /permission/admin/manage
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:getAllRequestPathAuthenticators/> </soapenv:Body> </soapenv:Envelope>
Response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns:getAllRequestPathAuthenticatorsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd"> <ns:return xsi:type="ax2117:RequestPathAuthenticatorConfig" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2117:displayName>basic-auth</ax2117:displayName> <ax2117:enabled>false</ax2117:enabled> <ax2117:name>BasicAuthRequestPathAuthenticator</ax2117:name> <ax2117:valid>true</ax2117:valid> </ns:return> <ns:return xsi:type="ax2117:RequestPathAuthenticatorConfig" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2117:displayName>oauth-bearer</ax2117:displayName> <ax2117:enabled>false</ax2117:enabled> <ax2117:name>OAuthRequestPathAuthenticator</ax2117:name> <ax2117:valid>true</ax2117:valid> </ns:return> </ns:getAllRequestPathAuthenticatorsResponse> </soapenv:Body> </soapenv:Envelope>
getApplication
Permission Level: /permission/admin/manage
Input parameters
Parameter | Type | Description |
---|---|---|
applicationName | String | Name of the application |
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:getApplication> <!--Optional:--> <xsd:applicationName>TestSP</xsd:applicationName> </xsd:getApplication> </soapenv:Body> </soapenv:Envelope>
Response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns:getApplicationResponse xmlns:ns="http://org.apache.axis2/xsd"> <ns:return xsi:type="ax2117:ServiceProvider" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd"> <ax2117:applicationID>4</ax2117:applicationID> <ax2117:applicationName>TestSP</ax2117:applicationName> <ax2117:claimConfig xsi:type="ax2117:ClaimConfig">... </ax2117:claimConfig> <ax2117:description>Description</ax2117:description> <ax2117:inboundAuthenticationConfig xsi:type="ax2117:InboundAuthenticationConfig"> ... </ax2117:inboundAuthenticationConfig> <ax2117:localAndOutBoundAuthenticationConfig xsi:type="ax2117:LocalAndOutboundAuthenticationConfig"> ...</ax2117:localAndOutBoundAuthenticationConfig> <ax2117:outboundProvisioningConfig xsi:type="ax2117:OutboundProvisioningConfig"> .. </ax2117:outboundProvisioningConfig> <ax2117:owner xsi:type="ax2117:User"> ... </ax2117:owner> <ax2117:permissionAndRoleConfig xsi:type="ax2117:PermissionsAndRoleConfig"/> <ax2117:saasApp>true</ax2117:saasApp> </ns:return> </ns:getApplicationResponse> </soapenv:Body> </soapenv:Envelope>
getIdentityProvider
Permission Level: /permission/admin/manage
Input parameters
Parameter | Type | Description |
---|---|---|
federatedIdPName | String | Name of the identity provider |
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:getIdentityProvider> <!--Optional:--> <xsd:federatedIdPName>TestIdP</xsd:federatedIdPName> </xsd:getIdentityProvider> </soapenv:Body> </soapenv:Envelope>
Response:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns:getIdentityProvidersResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2115="http://core.carbon.wso2.org/xsd" xmlns:ax2114="http://mgt.application.identity.carbon.wso2.org/xsd" xmlns:ax2120="http://common.application.identity.carbon.wso2.org/xsd" xmlns:ax2117="http://model.common.application.identity.carbon.wso2.org/xsd"> <ns:return xsi:type="ax2117:IdentityProvider" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2117:alias xsi:nil="true"/> <ax2117:certificate xsi:nil="true"/> <ax2117:claimConfig xsi:nil="true"/> <ax2117:defaultAuthenticatorConfig xsi:nil="true"/> <ax2117:defaultProvisioningConnectorConfig xsi:nil="true"/> <ax2117:displayName xsi:nil="true"/> <ax2117:enable>true</ax2117:enable> <ax2117:federatedAuthenticatorConfigs xsi:type="ax2117:FederatedAuthenticatorConfig"> ...</ax2117:federatedAuthenticatorConfigs> <ax2117:federationHub>false</ax2117:federationHub> <ax2117:homeRealmId xsi:nil="true"/> <ax2117:identityProviderDescription xsi:nil="true"/> <ax2117:identityProviderName>TestIdP</ax2117:identityProviderName> <ax2117:justInTimeProvisioningConfig xsi:nil="true"/> <ax2117:permissionAndRoleConfig xsi:nil="true"/> <ax2117:primary>false</ax2117:primary> <ax2117:provisioningConnectorConfigs xsi:type="ax2117:ProvisioningConnectorConfig">... </ax2117:provisioningConnectorConfigs> <ax2117:provisioningRole xsi:nil="true"/> </ns:return> </ns:getIdentityProvidersResponse> </soapenv:Body> </soapenv:Envelope>