Identity Access Manager (IAM) APIs for adding users - DevTest 10.7.2 SP3


Article ID: 276866


Products

Service Virtualization

Issue/Introduction

This issue concerns the DevTest ACL API for adding a user.

A new user was added with POST acl/user, supplying the roles and the password. A later attempt to authenticate that user with POST acl/authenticates failed with a "cannot parse JSON authentication error".

 

Environment

DevTest 10.7.2 SP3

Cause

N/A

Resolution

1) Login to DevTest/IAM:
The call returns an error if the user does not exist. Otherwise, it returns an access token that should be used in the subsequent calls.

(Don't change the client_id, grant_type, and client_secret values in the below API)
curl -X POST -k -H 'Content-Type:application/x-www-form-urlencoded' -i "https://localhost:51111/auth/realms/service_virtualization/protocol/openid-connect/token" --data "username=admin&password=admin&client_id=virtual-service-catalog&grant_type=password&client_secret=361b4289-82b2-47e6-aae4-7d179d2e6fdb"

NOTE: where localhost is the machine where IAM is running.

 

2) Create a user:

If successful, it returns 201 without a response body.
For example, to create a user with credentials testuser/testuser:
curl -X POST -k -i "https://localhost:51111/auth/admin/realms/service_virtualization/users" -H 'Content-Type:application/json' -H 'Authorization:Bearer <ACCESS_TOKEN>' --data-raw '{"username":"testuser","enabled":true,"firstName":"test","lastName":"user","credentials":[{"type":"password","value":"testuser","temporary":false}]}'

NOTE: where localhost is the machine where IAM is running.

 

3) Get the ID of the above-created user:

If successful, it returns the user details, including the user ID, which should be used in the subsequent calls to assign a role to the user. Otherwise, it returns 200 and an empty array.

For example, to get the ID of the testuser:
curl -X GET -k -i "https://localhost:51111/auth/admin/realms/service_virtualization/users?username=testuser" -H 'Authorization:Bearer <ACCESS_TOKEN>'

NOTE: where localhost is the machine where IAM is running.

 

4) Get the roles (Optional):
If successful, it returns the list of roles. Use this response to assign role(s) to the user in the next step.

(Don't change the client ID "c9dba509-3e4a-49cf-98b6-666be84d6f70" in the below API URL)
curl -X GET -k -i "https://localhost:51111/auth/admin/realms/service_virtualization/clients/c9dba509-3e4a-49cf-98b6-666be84d6f70/roles" -H 'Authorization:Bearer <ACCESS_TOKEN>'

NOTE: where localhost is the machine where IAM is running.

 

5) Assign a role to the user:

If successful, it returns 204.
For example, to assign the "Guest" role to the "testuser" user, provide the name of the role along with its ID in the request payload (these details can be obtained from the Get Roles API above):

(Don't change the client ID "c9dba509-3e4a-49cf-98b6-666be84d6f70" in the below API URL)
curl -X POST -k -i "https://localhost:51111/auth/admin/realms/service_virtualization/users/<USER_ID>/role-mappings/clients/c9dba509-3e4a-49cf-98b6-666be84d6f70" -H 'Authorization:Bearer <ACCESS_TOKEN>' -H 'Content-Type:application/json' --data-raw '[{"name":"Guest","composite":false,"clientRole":true,"id":"ea693896-c474-4be0-a2ce-444160661258"}]'

NOTE: where localhost is the machine where IAM is running.

 

6) Authenticate the user with Registry:

If successful, it returns 200 with user info.

For example, to authenticate the "testuser" user with Registry after adding the user:
curl -X POST "http://<IPAddress>:1505/api/Dcm/ACL/authenticateAndAuthorize" -H "accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "username=testuser&password=testuser"

NOTE: where <IPAddress> is the machine where the Registry is running.
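
Steps 1 to 5 chained into one script, as an added example that is not part of the original article or of DevTest itself: it URL-encodes the form fields, takes the user ID and role ID from the API responses, and verifies the IAM certificate instead of using -k. The IAM_URL environment variable, the function names, and the access_token field name (the standard OAuth 2.0 token response field) are assumptions.

```python
import json, os, ssl, urllib.parse, urllib.request

# Realm and client container id are the values from the steps above; IAM_URL is an assumed env var.
IAM = os.environ.get("IAM_URL", "https://localhost:51111")
REALM = IAM + "/auth/realms/service_virtualization"
ADMIN = IAM + "/auth/admin/realms/service_virtualization"
CLIENT_UUID = "c9dba509-3e4a-49cf-98b6-666be84d6f70"

def form_request(url, fields):
    """Steps 1 and 6: form-encoded body. urlencode() escapes '&', '=' and '+' in credentials."""
    return urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json"})

def json_request(url, token, payload=None, method="POST"):
    """Steps 2-5: bearer token, plus a JSON body when a payload is given."""
    headers = {"Authorization": "Bearer " + token}
    data = None
    if payload is not None:
        data = json.dumps(payload).encode()
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(url, data=data, method=method, headers=headers)

def user_id(users_json, username):
    """Step 3 answers 200 with an empty array on no match, so require exactly one exact match."""
    ids = [u["id"] for u in json.loads(users_json) if u.get("username") == username]
    if len(ids) != 1:
        raise LookupError(f"expected one user named {username!r}, found {len(ids)}")
    return ids[0]

def role_mapping(roles_json, role_name):
    """Step 5 payload taken from the step 4 response rather than a hand-copied role id."""
    for r in json.loads(roles_json):
        if r["name"] == role_name:
            return [{"name": r["name"], "id": r["id"], "composite": r.get("composite", False), "clientRole": True}]
    raise LookupError(f"role {role_name!r} not found")

def send(req, cafile=None):
    """Send with certificate verification on (no equivalent of curl -k); cafile is an optional CA bundle."""
    with urllib.request.urlopen(req, context=ssl.create_default_context(cafile=cafile)) as resp:
        return resp.status, resp.read().decode()

def provision(admin_fields, user, role_name, cafile=None):
    """Steps 1-5 chained; admin_fields and user are the form fields and JSON body shown above."""
    token = json.loads(send(form_request(REALM + "/protocol/openid-connect/token", admin_fields), cafile)[1])["access_token"]
    send(json_request(ADMIN + "/users", token, user), cafile)  # 201 on success
    query = ADMIN + "/users?" + urllib.parse.urlencode({"username": user["username"]})
    uid = user_id(send(json_request(query, token, method="GET"), cafile)[1], user["username"])
    roles = send(json_request(f"{ADMIN}/clients/{CLIENT_UUID}/roles", token, method="GET"), cafile)[1]
    mapping = role_mapping(roles, role_name)
    return uid, send(json_request(f"{ADMIN}/users/{uid}/role-mappings/clients/{CLIENT_UUID}", token, mapping), cafile)[0]
```

provision() returns the new user's ID and the status of the role assignment (204 on success); the step 6 check against the Registry can be built with form_request() in the same way.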

Additional Information

Refer to section "Using IAM API to Manage Users" in the documentation of the version of DevTest you are running.

Client Id and Client secret are required to get the token from IAM. All these values are stored in /DevTest/IdentityAccessManager/realms-to-import/service_virtualization-realm.json.

The snippet below from service-virtualization-realm.json shows the Container Id (id), Client Id (clientId), and Client Secret (secret).

NOTE: service-virtualization-realm.json contains these values in a readable format.


{
    "id" : "########-####-####-####-############",
    "clientId" : "virtual-service-catalog",
    "name" : "virtual-service-catalog",
    "description" : "Virtual Service Catalog",
    "surrogateAuthRequired" : false,
    "enabled" : true,
    "clientAuthenticatorType" : "client-secret",
    "secret" : "########-####-####-####-############",
…..
…..