This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Managing Claims with APIs

The Claim Management component of WSO2 Carbon allows you to map a set of attributes from the underlying user store to a set of defined claims. This section guides you through invoking and working with the  ClaimMetadataManagementService  and the operations you can work within this service.

Invoking the admin service

The ClaimMetadataManagementService is an admin service of the WSO2 Carbon platform. As admin services are secured to prevent anonymous invocations, you cannot view the WSDL of the admin service by default. Follow the steps given below to view and invoke the admin service:

  1. Set the element <HideAdminServiceWSDLs> to false in <IS_HOME>/repository/conf/carbon.xml file.

    <HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
  2. Restart WSO2 Identity Server.
  3. If you started the server using the default configurations, copy the following URL to your browser to see the WSDL of the admin service: https://localhost:9443/services/ClaimMetadataManagementService?wsdl .

    The default hostname of WSO2 IS is localhost. If you are using a different hostname, make sure to replace localhost with the new hostname.

For more information on WSO2 admin services and how to invoke an admin service using either SoapUI or any other client program, see Calling Admin Services from Apps section in WSO2 Carbon documentation.

Operations included in the API

The following operations are available in the ClaimMetadataManagementService.

addClaimDialect ()
DescriptionAdds a new claim dialect.
Input Parameters
ParameterDescription
claimDialectURI
The URI which defines the new claim dialect.
Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://api.user.carbon.wso2.org/xsd">
    <soapenv:Header/>
   <soapenv:Body>
      <xsd:addClaimDialect>
         <!--Optional:-->
         <xsd:claimDialect>
            <!--Optional:-->
            <xsd1:claimDialectURI>new dialect</xsd1:claimDialectURI>
         </xsd:claimDialect>
      </xsd:addClaimDialect>
   </soapenv:Body>
</soapenv:Envelope>
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:addClaimDialectResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:addClaimDialectResponse>
   </soapenv:Body>
</soapenv:Envelope>
getClaimDialects()
DescriptionLists out all the claim dialects that are used.
Input Parameters

None

Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:getClaimDialects/>
   </soapenv:Body>
</soapenv:Envelope>
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getClaimDialectsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2333="http://base.identity.carbon.wso2.org/xsd" xmlns:ax2336="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd" xmlns:ax2332="http://exception.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
         <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:claimDialectURI>http://wso2.org/claims</ax2336:claimDialectURI>
         </ns:return>
         <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:claimDialectURI>http://schemas.xmlsoap.org/ws/2005/05/identity</ax2336:claimDialectURI>
         </ns:return>
         <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:claimDialectURI>urn:scim:schemas:core:1.0</ax2336:claimDialectURI>
         </ns:return>
         <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:claimDialectURI>urn:ietf:params:scim:schemas:core:2.0:User</ax2336:claimDialectURI>
         </ns:return>
         <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:claimDialectURI>http://wso2.org/oidc/claim</ax2336:claimDialectURI>
         </ns:return>
         <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:claimDialectURI>urn:ietf:params:scim:schemas:core:2.0</ax2336:claimDialectURI>
         </ns:return>
         <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:claimDialectURI>http://schema.openid.net/2007/05/claims</ax2336:claimDialectURI>
         </ns:return>
         <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:claimDialectURI>http://axschema.org</ax2336:claimDialectURI>
         </ns:return>
         <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:claimDialectURI>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User</ax2336:claimDialectURI>
         </ns:return>
         <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:claimDialectURI>http://abc.org/claims</ax2336:claimDialectURI>
         </ns:return>
      </ns:getClaimDialectsResponse>
   </soapenv:Body>
</soapenv:Envelope>
addExternalClaim()
DescriptionAdds a new claim claim
Input Parameters
ParameterDescription
externalClaimDialectURI
The URI which defines the external claim dialect.
externalClaimUR
The URI of the external claim
mappedLocalClaimURI
The URI of the mapped claim.
Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:addExternalClaim>
         <!--Optional:-->
         <xsd:externalClaim>
            <!--Optional:-->
            <xsd1:externalClaimDialectURI>external cliam dialect</xsd1:externalClaimDialectURI>
            <!--Optional:-->
            <xsd1:externalClaimURI>external claim uri</xsd1:externalClaimURI>
            <!--Optional:-->
            <xsd1:mappedLocalClaimURI>mapped local claim</xsd1:mappedLocalClaimURI>
         </xsd:externalClaim>
      </xsd:addExternalClaim>
   </soapenv:Body>
</soapenv:Envelope>            
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:addExternalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:addExternalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>     
addLocalClaim()
DescriptionAdds a new local claim.
Input Parameters
ParameterDescription
attributeName
The attribute name
userStoreDomain
The user-store domain of the attribute
propertyName
Name of the property
propertyValue
Value of the property
localClaimURI
The URI of the local claim
Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:addLocalClaim>
         <!--Optional:-->
         <xsd:localClaim>
            <!--Zero or more repetitions:-->
            <xsd1:attributeMappings>
               <!--Optional:-->
               <xsd1:attributeName>email</xsd1:attributeName>
               <!--Optional:-->
               <xsd1:userStoreDomain>primary</xsd1:userStoreDomain>
            </xsd1:attributeMappings>
            <!--Zero or more repetitions:-->
            <xsd1:claimProperties>
               <!--Optional:-->
               <xsd1:propertyName>email</xsd1:propertyName>
               <!--Optional:-->
               <xsd1:propertyValue>www.sample@email.com</xsd1:propertyValue>
            </xsd1:claimProperties>
            <!--Optional:-->
            <xsd1:localClaimURI>http://abc.org/email</xsd1:localClaimURI>
         </xsd:localClaim>
      </xsd:addLocalClaim>
   </soapenv:Body>
</soapenv:Envelope>         
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:addLocalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:addLocalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>
getExternalClaims()
DescriptionReturns all the external claims.
Input Parameters
ParameterDescription
externalClaimDialectURI
The URI which defines the external claim dialect.
Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:getExternalClaims>
         <!--Optional:-->
         <xsd:externalClaimDialectURI>external claim dialect uri</xsd:externalClaimDialectURI>
      </xsd:getExternalClaims>
   </soapenv:Body>
</soapenv:Envelope>
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getExternalClaimsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2333="http://base.identity.carbon.wso2.org/xsd" xmlns:ax2336="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd" xmlns:ax2332="http://exception.mgt.metadata.claim.identity.carbon.wso2.org/xsd"/>
   </soapenv:Body>
</soapenv:Envelope>
getLocalClaims()
DescriptionReturns all the local claims available.
Input Parameters

None

Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:getLocalClaims/>
   </soapenv:Body>
</soapenv:Envelope>
Response
 Click here to see the reponse
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getLocalClaimsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2333="http://base.identity.carbon.wso2.org/xsd" xmlns:ax2336="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd" xmlns:ax2332="http://exception.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
         <ns:return xsi:type="ax2336:LocalClaimDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:attributeMappings xsi:type="ax2336:AttributeMappingDTO">
               <ax2336:attributeName>unlockTime</ax2336:attributeName>
               <ax2336:userStoreDomain>PRIMARY</ax2336:userStoreDomain>
            </ax2336:attributeMappings>
            <ax2336:claimProperties xsi:type="ax2336:ClaimPropertyDTO">
               <ax2336:propertyName>Description</ax2336:propertyName>
               <ax2336:propertyValue>Unlock Time</ax2336:propertyValue>
            </ax2336:claimProperties>
            <ax2336:claimProperties xsi:type="ax2336:ClaimPropertyDTO">
               <ax2336:propertyName>DisplayName</ax2336:propertyName>
               <ax2336:propertyValue>Unlock Time</ax2336:propertyValue>
            </ax2336:claimProperties>
            <ax2336:localClaimURI>http://wso2.org/claims/identity/unlockTime</ax2336:localClaimURI>
         </ns:return>
......
         <ns:return xsi:type="ax2336:LocalClaimDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2336:attributeMappings xsi:type="ax2336:AttributeMappingDTO">
               <ax2336:attributeName>email</ax2336:attributeName>
               <ax2336:userStoreDomain>PRIMARY</ax2336:userStoreDomain>
            </ax2336:attributeMappings>
            <ax2336:claimProperties xsi:type="ax2336:ClaimPropertyDTO">
               <ax2336:propertyName>email</ax2336:propertyName>
               <ax2336:propertyValue>www.sample@email.com</ax2336:propertyValue>
            </ax2336:claimProperties>
            <ax2336:localClaimURI>http://abc.org/email</ax2336:localClaimURI>
         </ns:return>
      </ns:getLocalClaimsResponse>
   </soapenv:Body>
</soapenv:Envelope>

removeClaimDialect()

DescriptionRemove an existing claim dialect.
Input Parameters
ParameterDescription
claimDialectURI
The URI which defines the deleting claim dialect.
Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:removeClaimDialect>
         <!--Optional:-->
         <xsd:claimDialect>
            <!--Optional:-->
            <xsd1:claimDialectURI>claim dialect uri</xsd1:claimDialectURI>
         </xsd:claimDialect>
      </xsd:removeClaimDialect>
   </soapenv:Body>
</soapenv:Envelope>
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:removeClaimDialectResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:removeClaimDialectResponse>
   </soapenv:Body>
</soapenv:Envelope>

removeExternalClaim()

DescriptionRemove an existing external claim
Input Parameters
ParameterDescription
externalClaimDialectURI
The URI which defines the external claim which need to be deleted.

       

Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:removeExternalClaim>
         <!--Optional:-->
         <xsd:externalClaimDialectURI>http://abc.org/email</xsd:externalClaimDialectURI>
         <!--Optional:-->
         <xsd:externalClaimURI>sample@email.com</xsd:externalClaimURI>
      </xsd:removeExternalClaim>
   </soapenv:Body>
</soapenv:Envelope>
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:removeExternalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:removeExternalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>

removeLocalClaim()

DescriptionRemove an existing local claim.
Input Parameters
ParameterDescription
localClaimURI
The URI which defines the local claim.
Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:removeLocalClaim>
         <!--Optional:-->
         <xsd:localClaimURI>local claim uri</xsd:localClaimURI>
      </xsd:removeLocalClaim>
   </soapenv:Body>
</soapenv:Envelope>
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:removeLocalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:removeLocalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>

renameClaimDialect()

DescriptionRenaming an existing claim dialect.
Input Parameters
ParameterDescription
claimDialectURI
The URI which defines the claim dialect.
Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:renameClaimDialect>
         <!--Optional:-->
         <xsd:oldClaimDialect>
            <!--Optional:-->
            <xsd1:claimDialectURI>old claim dialect uri</xsd1:claimDialectURI>
         </xsd:oldClaimDialect>
         <!--Optional:-->
         <xsd:newClaimDialect>
            <!--Optional:-->
            <xsd1:claimDialectURI>new claim dialect uri</xsd1:claimDialectURI>
         </xsd:newClaimDialect>
      </xsd:renameClaimDialect>
   </soapenv:Body>
</soapenv:Envelope>
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:renameClaimDialectResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:renameClaimDialectResponse>
   </soapenv:Body>
</soapenv:Envelope>

updateExternalClaim()

DescriptionUpdate an external claim.
Input Parameters
ParameterDescription
externalClaimDialectURI
The URI which defines the external claim dialect.
externalClaimURI
The URI which defines the external claim.
mappedLocalClaimURI
The URI which defines the mapped local claim.
Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateExternalClaim>
         <!--Optional:-->
         <xsd:externalClaim>
            <!--Optional:-->
            <xsd1:externalClaimDialectURI>external claim dialect</xsd1:externalClaimDialectURI>
            <!--Optional:-->
            <xsd1:externalClaimURI>external claim uri</xsd1:externalClaimURI>
            <!--Optional:-->
            <xsd1:mappedLocalClaimURI>mapped local claim value</xsd1:mappedLocalClaimURI>
         </xsd:externalClaim>
      </xsd:updateExternalClaim>
   </soapenv:Body>
</soapenv:Envelope>
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:updateExternalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:updateExternalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>

updateLocalClaim()

DescriptionUpdate a local claim
Input Parameters
ParameterDescription
attributeName
The attribute name
userStoreDomain
The user-store domain
propertyName
The property name
propertyValue
The property value
localClaimURI
The URI which defines the local claim
Request
 Click here to see the request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateLocalClaim>
         <!--Optional:-->
         <xsd:localClaim>
            <!--Zero or more repetitions:-->
            <xsd1:attributeMappings>
               <!--Optional:-->
               <xsd1:attributeName>attribute name</xsd1:attributeName>
               <!--Optional:-->
               <xsd1:userStoreDomain>userstore domain</xsd1:userStoreDomain>
            </xsd1:attributeMappings>
            <!--Zero or more repetitions:-->
            <xsd1:claimProperties>
               <!--Optional:-->
               <xsd1:propertyName>property name</xsd1:propertyName>
               <!--Optional:-->
               <xsd1:propertyValue>property value</xsd1:propertyValue>
            </xsd1:claimProperties>
            <!--Optional:-->
            <xsd1:localClaimURI>local claim uri</xsd1:localClaimURI>
         </xsd:localClaim>
      </xsd:updateLocalClaim>
   </soapenv:Body>
</soapenv:Envelope>
Response
 Click here to see the response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:updateLocalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:rupdateLocalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>