Managing Claims with APIs

The Claim Management component of WSO2 Carbon allows you to map a set of attributes from the underlying user store to a set of defined claims. This section guides you through invoking and working with the ClaimMetadataManagementService and the operations you can work within this service.

Invoking the admin service

The ClaimMetadataManagementService is an admin service of the WSO2 Carbon platform. As admin services are secured to prevent anonymous invocations, you cannot view the WSDL of the admin service by default. Follow the steps given below to view and invoke the admin service:

Set the element <HideAdminServiceWSDLs> to false in <IS_HOME>/repository/conf/carbon.xml file.
```
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
```
Restart WSO2 Identity Server.
If you started the server using the default configurations, copy the following URL to your browser to see the WSDL of the admin service: https://localhost:9443/services/ClaimMetadataManagementService?wsdl.

The default hostname of WSO2 IS is localhost. If you are using a different hostname, make sure to replace localhost with the new hostname.

For more information on WSO2 admin services and how to invoke an admin service using either SoapUI or any other client program, see Calling Admin Services from Apps section in WSO2 Carbon documentation.

Operations included in the API

The following operations are available in the ClaimMetadataManagementService.

addClaimDialect ()

Description

Adds a new claim dialect.

Input Parameters

Parameter	Description
claimDialectURI	The URI which defines the new claim dialect.

Request

Click here to see the request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:ser="http://service.ws.um.carbon.wso2.org" xmlns:xsd="http://api.user.carbon.wso2.org/xsd">
    <soapenv:Header/>
   <soapenv:Body>
      <xsd:addClaimDialect>
         <!--Optional:-->
         <xsd:claimDialect>
            <!--Optional:-->
            <xsd1:claimDialectURI>new dialect</xsd1:claimDialectURI>
         </xsd:claimDialect>
      </xsd:addClaimDialect>
   </soapenv:Body>
</soapenv:Envelope>

Response

Click here to see the response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:addClaimDialectResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:addClaimDialectResponse>
   </soapenv:Body>
</soapenv:Envelope>

getClaimDialects()

Description	Lists out all the claim dialects which are used.
Input Parameters	None
Request	Click here to see the request <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:getClaimDialects/> </soapenv:Body> </soapenv:Envelope>
Response	Click here to see the response <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns:getClaimDialectsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2333="http://base.identity.carbon.wso2.org/xsd" xmlns:ax2336="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd" xmlns:ax2332="http://exception.mgt.metadata.claim.identity.carbon.wso2.org/xsd"> <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:claimDialectURI>http://wso2.org/claims</ax2336:claimDialectURI> </ns:return> <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:claimDialectURI>http://schemas.xmlsoap.org/ws/2005/05/identity</ax2336:claimDialectURI> </ns:return> <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:claimDialectURI>urn:scim:schemas:core:1.0</ax2336:claimDialectURI> </ns:return> <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:claimDialectURI>urn:ietf:params:scim:schemas:core:2.0:User</ax2336:claimDialectURI> </ns:return> <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:claimDialectURI>http://wso2.org/oidc/claim</ax2336:claimDialectURI> </ns:return> <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:claimDialectURI>urn:ietf:params:scim:schemas:core:2.0</ax2336:claimDialectURI> </ns:return> <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:claimDialectURI>http://schema.openid.net/2007/05/claims</ax2336:claimDialectURI> </ns:return> <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:claimDialectURI>http://axschema.org</ax2336:claimDialectURI> </ns:return> <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:claimDialectURI>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User</ax2336:claimDialectURI> </ns:return> <ns:return xsi:type="ax2336:ClaimDialectDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:claimDialectURI>http://abc.org/claims</ax2336:claimDialectURI> </ns:return> </ns:getClaimDialectsResponse> </soapenv:Body> </soapenv:Envelope>

addExternalClaim()

Description

Adds a new claim claim

Input Parameters

Parameter	Description
externalClaimDialectURI	The URI which defines the external claim dialect.
externalClaimUR	The URI of the external claim
mappedLocalClaimURI	The URI of the mapped claim.

Request

Click here to see the request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:addExternalClaim>
         <!--Optional:-->
         <xsd:externalClaim>
            <!--Optional:-->
            <xsd1:externalClaimDialectURI>external cliam dialect</xsd1:externalClaimDialectURI>
            <!--Optional:-->
            <xsd1:externalClaimURI>external claim uri</xsd1:externalClaimURI>
            <!--Optional:-->
            <xsd1:mappedLocalClaimURI>mapped local claim</xsd1:mappedLocalClaimURI>
         </xsd:externalClaim>
      </xsd:addExternalClaim>
   </soapenv:Body>
</soapenv:Envelope>

Response

Click here to see the response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:addExternalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:addExternalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>

addLocalClaim()

Description

Adds a new local claim.

Input Parameters

Parameter	Description
attributeName	The attribute name
userStoreDomain	The user-store domain of the attribute
propertyName	Name of the property
propertyValue	Value of the property
localClaimURI	The URI of the local claim

Request

Click here to see the request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:addLocalClaim>
         <!--Optional:-->
         <xsd:localClaim>
            <!--Zero or more repetitions:-->
            <xsd1:attributeMappings>
               <!--Optional:-->
               <xsd1:attributeName>email</xsd1:attributeName>
               <!--Optional:-->
               <xsd1:userStoreDomain>primary</xsd1:userStoreDomain>
            </xsd1:attributeMappings>
            <!--Zero or more repetitions:-->
            <xsd1:claimProperties>
               <!--Optional:-->
               <xsd1:propertyName>email</xsd1:propertyName>
               <!--Optional:-->
               <xsd1:propertyValue>www.sample@email.com</xsd1:propertyValue>
            </xsd1:claimProperties>
            <!--Optional:-->
            <xsd1:localClaimURI>http://abc.org/email</xsd1:localClaimURI>
         </xsd:localClaim>
      </xsd:addLocalClaim>
   </soapenv:Body>
</soapenv:Envelope>

Response

Click here to see the response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:addLocalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:addLocalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>

getExternalClaims()

Description

Returns all the external claims.

Input Parameters

Parameter	Description
externalClaimDialectURI	The URI which defines the external claim dialect.

Request

Click here to see the request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:getExternalClaims>
         <!--Optional:-->
         <xsd:externalClaimDialectURI>external claim dialect uri</xsd:externalClaimDialectURI>
      </xsd:getExternalClaims>
   </soapenv:Body>
</soapenv:Envelope>

Response

Click here to see the response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getExternalClaimsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2333="http://base.identity.carbon.wso2.org/xsd" xmlns:ax2336="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd" xmlns:ax2332="http://exception.mgt.metadata.claim.identity.carbon.wso2.org/xsd"/>
   </soapenv:Body>
</soapenv:Envelope>

getLocalClaims()

Description	Returns all the local claims available.
Input Parameters	None
Request	Click here to see the request <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd"> <soapenv:Header/> <soapenv:Body> <xsd:getLocalClaims/> </soapenv:Body> </soapenv:Envelope>
Response	Click here to see the reponse <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Body> <ns:getLocalClaimsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2333="http://base.identity.carbon.wso2.org/xsd" xmlns:ax2336="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd" xmlns:ax2332="http://exception.mgt.metadata.claim.identity.carbon.wso2.org/xsd"> <ns:return xsi:type="ax2336:LocalClaimDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:attributeMappings xsi:type="ax2336:AttributeMappingDTO"> <ax2336:attributeName>unlockTime</ax2336:attributeName> <ax2336:userStoreDomain>PRIMARY</ax2336:userStoreDomain> </ax2336:attributeMappings> <ax2336:claimProperties xsi:type="ax2336:ClaimPropertyDTO"> <ax2336:propertyName>Description</ax2336:propertyName> <ax2336:propertyValue>Unlock Time</ax2336:propertyValue> </ax2336:claimProperties> <ax2336:claimProperties xsi:type="ax2336:ClaimPropertyDTO"> <ax2336:propertyName>DisplayName</ax2336:propertyName> <ax2336:propertyValue>Unlock Time</ax2336:propertyValue> </ax2336:claimProperties> <ax2336:localClaimURI>http://wso2.org/claims/identity/unlockTime</ax2336:localClaimURI> </ns:return> ...... <ns:return xsi:type="ax2336:LocalClaimDTO" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ax2336:attributeMappings xsi:type="ax2336:AttributeMappingDTO"> <ax2336:attributeName>email</ax2336:attributeName> <ax2336:userStoreDomain>PRIMARY</ax2336:userStoreDomain> </ax2336:attributeMappings> <ax2336:claimProperties xsi:type="ax2336:ClaimPropertyDTO"> <ax2336:propertyName>email</ax2336:propertyName> <ax2336:propertyValue>www.sample@email.com</ax2336:propertyValue> </ax2336:claimProperties> <ax2336:localClaimURI>http://abc.org/email</ax2336:localClaimURI> </ns:return> </ns:getLocalClaimsResponse> </soapenv:Body> </soapenv:Envelope>

removeClaimDialect()

Description

Remove an existing claim dialect.

Input Parameters

Parameter	Description
claimDialectURI	The URI which defines the deleting claim dialect.

Request

Click here to see the request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:removeClaimDialect>
         <!--Optional:-->
         <xsd:claimDialect>
            <!--Optional:-->
            <xsd1:claimDialectURI>claim dialect uri</xsd1:claimDialectURI>
         </xsd:claimDialect>
      </xsd:removeClaimDialect>
   </soapenv:Body>
</soapenv:Envelope>

Response

Click here to see the response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:removeClaimDialectResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:removeClaimDialectResponse>
   </soapenv:Body>
</soapenv:Envelope>

removeExternalClaim()

Description

Remove an existing external claim

Input Parameters

Parameter	Description
externalClaimDialectURI	The URI which defines the external claim which need to be deleted.

Request

Click here to see the request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:removeExternalClaim>
         <!--Optional:-->
         <xsd:externalClaimDialectURI>http://abc.org/email</xsd:externalClaimDialectURI>
         <!--Optional:-->
         <xsd:externalClaimURI>sample@email.com</xsd:externalClaimURI>
      </xsd:removeExternalClaim>
   </soapenv:Body>
</soapenv:Envelope>

Response

Click here to see the response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:removeExternalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:removeExternalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>

removeLocalClaim()

Description

Remove an existing local claim.

Input Parameters

Parameter	Description
localClaimURI	The URI which defines the local claim.

Request

Click here to see the request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:removeLocalClaim>
         <!--Optional:-->
         <xsd:localClaimURI>local claim uri</xsd:localClaimURI>
      </xsd:removeLocalClaim>
   </soapenv:Body>
</soapenv:Envelope>

Response

Click here to see the response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:removeLocalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:removeLocalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>

renameClaimDialect()

Description

Renaming an existing claim dialect.

Input Parameters

Parameter	Description
claimDialectURI	The URI which defines the claim dialect.

Request

Click here to see the request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:renameClaimDialect>
         <!--Optional:-->
         <xsd:oldClaimDialect>
            <!--Optional:-->
            <xsd1:claimDialectURI>old claim dialect uri</xsd1:claimDialectURI>
         </xsd:oldClaimDialect>
         <!--Optional:-->
         <xsd:newClaimDialect>
            <!--Optional:-->
            <xsd1:claimDialectURI>new claim dialect uri</xsd1:claimDialectURI>
         </xsd:newClaimDialect>
      </xsd:renameClaimDialect>
   </soapenv:Body>
</soapenv:Envelope>

Response

Click here to see the response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:renameClaimDialectResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:renameClaimDialectResponse>
   </soapenv:Body>
</soapenv:Envelope>

updateExternalClaim()

Description

Update an external claim.

Input Parameters

Parameter	Description
externalClaimDialectURI	The URI which defines the external claim dialect.
externalClaimURI	The URI which defines the external claim.
mappedLocalClaimURI	The URI which defines the mapped local claim.

Request

Click here to see the request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateExternalClaim>
         <!--Optional:-->
         <xsd:externalClaim>
            <!--Optional:-->
            <xsd1:externalClaimDialectURI>external claim dialect</xsd1:externalClaimDialectURI>
            <!--Optional:-->
            <xsd1:externalClaimURI>external claim uri</xsd1:externalClaimURI>
            <!--Optional:-->
            <xsd1:mappedLocalClaimURI>mapped local claim value</xsd1:mappedLocalClaimURI>
         </xsd:externalClaim>
      </xsd:updateExternalClaim>
   </soapenv:Body>
</soapenv:Envelope>

Response

Click here to see the response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:updateExternalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:updateExternalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>

updateLocalClaim()

Description

Update a local claim

Input Parameters

Parameter	Description
attributeName	The attribute name
userStoreDomain	The user-store domain
propertyName	The property name
propertyValue	The property value
localClaimURI	The URI which defines the local claim

Request

Click here to see the request

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.mgt.metadata.claim.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updateLocalClaim>
         <!--Optional:-->
         <xsd:localClaim>
            <!--Zero or more repetitions:-->
            <xsd1:attributeMappings>
               <!--Optional:-->
               <xsd1:attributeName>attribute name</xsd1:attributeName>
               <!--Optional:-->
               <xsd1:userStoreDomain>userstore domain</xsd1:userStoreDomain>
            </xsd1:attributeMappings>
            <!--Zero or more repetitions:-->
            <xsd1:claimProperties>
               <!--Optional:-->
               <xsd1:propertyName>property name</xsd1:propertyName>
               <!--Optional:-->
               <xsd1:propertyValue>property value</xsd1:propertyValue>
            </xsd1:claimProperties>
            <!--Optional:-->
            <xsd1:localClaimURI>local claim uri</xsd1:localClaimURI>
         </xsd:localClaim>
      </xsd:updateLocalClaim>
   </soapenv:Body>
</soapenv:Envelope>

Response

Click here to see the response

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:updateLocalClaimResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:rupdateLocalClaimResponse>
   </soapenv:Body>
</soapenv:Envelope>