import java.io.*;
import java.net.*;
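/**
 * Command-line walkthrough of the OpenSSO REST identity services.
 *
 * <p>Given the base URL of an OpenSSO deployment, the program authenticates the
 * user typed at the prompt and then uses the returned token to validate the
 * session, search identities, list the caller's attributes, read, create,
 * update and delete a {@code test} user, and finally log out.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>Every call is an HTTP GET whose query string carries the password or
 *       the session token. Query strings commonly end up in server access
 *       logs and proxy logs, so run this only against an HTTPS endpoint and
 *       treat the token as a bearer credential.</li>
 *   <li>Each request URL is echoed to standard output. Password parameters
 *       are masked before printing; the session token is still shown.</li>
 * </ul>
 */
public class OpenSSORest {

    /** Prefix of the body returned by {@code /identity/authenticate}. */
    private static final String TOKEN_PREFIX = "token.id=";

    /** Base URL of the OpenSSO deployment, taken from the command line. */
    private static String serverURL;

    /** Session token obtained by {@link #authenticate()}. */
    private static String tokenId;

    /** User name typed at the prompt. */
    private static String username;

    /** Single shared reader over standard input; see {@link #getUserInput(String)}. */
    private static BufferedReader stdin;

    /**
     * Runs the whole demo sequence against the server named in {@code args[0]}.
     *
     * @param args exactly one element: the OpenSSO base URL
     */
    public static void main(String[] args) {
        if (args.length != 1) {
            System.err.println(
                "Usage: OpenSSORest server-instance\n");
            System.exit(1);
        }
        serverURL = args[0];
        // Credentials and tokens travel in the URL, so a plain-HTTP endpoint
        // exposes them to anyone on the network path.
        if (!serverURL.regionMatches(true, 0, "https://", 0, 8)) {
            System.err.println("Warning: server URL is not HTTPS; the password"
                + " and session token will be sent in clear text");
        }
        try {
            authenticate();
            validateToken();
            search();
            showAttributes();
            read("demo", null);
            create();
            read("test", null);
            update();
            read("test", "mail");
            delete();
            logout();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Prompts for a user name and password, calls {@code /identity/authenticate}
     * and stores the returned token in {@link #tokenId}.
     *
     * @throws IOException if no credentials could be read or the response does
     *         not carry a token
     * @throws Exception on any network failure
     */
    private static void authenticate()
        throws Exception {
        System.out.println();
        System.out.println("Authenticate to server");
        username = getUserInput("username: ");
        // NOTE(review): the password is read like any other line, so it is
        // echoed on an interactive terminal.
        String password = getUserInput("password: ");
        if (username == null || password == null) {
            throw new IOException("No credentials supplied on standard input");
        }
        String res = request(new URL(serverURL
            + "/identity/authenticate?"
            + "username=" + encode(username)
            + "&password=" + encode(password)));
        // Check the shape of the reply instead of slicing blindly: an error
        // page would otherwise be used as the token in every later call.
        String body = res.trim();
        if (!body.startsWith(TOKEN_PREFIX)
                || body.length() == TOKEN_PREFIX.length()) {
            // The body is deliberately left out of the message; it may hold a token.
            throw new IOException("Unexpected authenticate response: no token.id");
        }
        tokenId = body.substring(TOKEN_PREFIX.length());
        succeeded();
    }

    /** Ends the session identified by {@link #tokenId}. */
    private static void logout()
        throws Exception {
        System.out.println("Logout");
        request(new URL(serverURL
            + "/identity/logout?"
            + "subjectid=" + encode(tokenId)));
        succeeded();
    }

    /** Calls {@code /identity/isTokenValid} for {@link #tokenId}. */
    private static void validateToken()
        throws Exception {
        System.out.println("Validate Token ID");
        request(new URL(serverURL
            + "/identity/isTokenValid?"
            + "tokenid=" + encode(tokenId)));
        succeeded();
    }

    /** Lists all identities matching the {@code *} filter and prints them. */
    private static void search()
        throws Exception {
        System.out.println("Search");
        String res = request(new URL(serverURL
            + "/identity/search?"
            + "filter=*&admin=" + encode(tokenId)));
        System.out.println(res);
        succeeded();
    }

    /** Prints the attributes of the identity that owns {@link #tokenId}. */
    private static void showAttributes()
        throws Exception {
        System.out.println("Show Attributes");
        String res = request(new URL(serverURL
            + "/identity/attributes?"
            + "subjectid=" + encode(tokenId)));
        System.out.println(res);
        succeeded();
    }

    /**
     * Reads and prints the attributes of one identity.
     *
     * @param user identity name to read
     * @param attr single attribute name to request, or {@code null} for all
     */
    private static void read(String user, String attr)
        throws Exception {
        System.out.println("Read attributes");
        // Both values are URL-encoded: an unencoded '&' or '=' in either one
        // would add or override query parameters of an admin-token request.
        String qattr = (attr != null)
            ? "&attributes_names=" + encode(attr) : "";
        String res = request(new URL(serverURL
            + "/identity/read?"
            + "name=" + encode(user)
            + "&admin=" + encode(tokenId)
            + qattr));
        System.out.println(res);
        succeeded();
    }

    /**
     * Creates the demo user {@code test} in the root realm.
     *
     * <p>The user password is a fixed throwaway value that only makes sense
     * because {@link #delete()} removes the account at the end of the run.
     */
    private static void create()
        throws Exception {
        System.out.println("Create user");
        request(new URL(serverURL
            + "/identity/create?"
            + "identity_name=test&admin=" + encode(tokenId)
            + "&identity_attribute_names=userpassword"
            + "&identity_attribute_values_userpassword=123"
            + "&identity_realm=" + encode("/")
            + "&identity_type=User"));
        succeeded();
    }

    /** Sets the {@code mail} attribute of the demo user {@code test}. */
    private static void update()
        throws Exception {
        System.out.println("Change email address");
        request(new URL(serverURL
            + "/identity/update?"
            + "identity_name=test&admin=" + encode(tokenId)
            + "&identity_attribute_names=mail"
            + "&identity_attribute_values_mail=test@example.com"));
        succeeded();
    }

    /** Deletes the demo user {@code test}. */
    private static void delete()
        throws Exception {
        System.out.println("Delete user");
        request(new URL(serverURL
            + "/identity/delete?"
            + "identity_name=test&admin=" + encode(tokenId)
            + "&identity_type=User"));
        succeeded();
    }

    /** Prints the success marker followed by two blank lines. */
    private static void succeeded() {
        System.out.println("Succeeded");
        System.out.println();
        System.out.println();
    }

    /** URL-encodes one query parameter value as UTF-8. */
    private static String encode(String value)
        throws UnsupportedEncodingException {
        return URLEncoder.encode(value, "UTF-8");
    }

    /**
     * Returns {@code url} with the value of every query parameter whose name
     * ends in {@code password} replaced by a fixed mask, for safe printing.
     */
    private static String redactSecrets(String url) {
        int queryStart = url.indexOf('?');
        if (queryStart < 0) {
            return url;
        }
        StringBuilder shown = new StringBuilder(url.substring(0, queryStart + 1));
        String[] pairs = url.substring(queryStart + 1).split("&", -1);
        for (int i = 0; i < pairs.length; i++) {
            if (i > 0) {
                shown.append('&');
            }
            String pair = pairs[i];
            int eq = pair.indexOf('=');
            // "password" is 8 characters; compare the tail of the parameter name.
            boolean secret = eq >= 8
                && pair.regionMatches(true, eq - 8, "password", 0, 8);
            shown.append(secret ? pair.substring(0, eq + 1) + "********" : pair);
        }
        return shown.toString();
    }

    /** Lazily creates the one reader that all prompts share. */
    private static synchronized BufferedReader stdinReader() {
        if (stdin == null) {
            stdin = new BufferedReader(new InputStreamReader(System.in));
        }
        return stdin;
    }

    /**
     * Prints a prompt and reads one line from standard input.
     *
     * <p>All calls share one reader. Wrapping {@code System.in} in a new
     * {@code BufferedReader} per call lets the first reader buffer later
     * lines, which are then lost when input is piped or redirected.
     *
     * @param message prompt to print
     * @return the line read, or {@code null} at end of input
     * @throws IOException if reading fails
     */
    public static String getUserInput(String message)
        throws IOException {
        System.out.print(message);
        return stdinReader().readLine();
    }

    /**
     * Fetches {@code url} and returns the response body, one {@code "\n"}
     * after every line.
     *
     * <p>The URL is printed first with password parameters masked. The body
     * is decoded as UTF-8, matching the encoding used for the request
     * parameters, and the stream is closed even when reading fails.
     *
     * @param url request to send
     * @return response body
     * @throws Exception on connection or read failure
     */
    public static String request(URL url)
        throws Exception {
        System.out.println(redactSecrets(url.toString()));
        URLConnection conn = url.openConnection();
        StringBuilder buff = new StringBuilder();
        try (BufferedReader dis = new BufferedReader(
                new InputStreamReader(conn.getInputStream(), "UTF-8"))) {
            String inputLine;
            while ((inputLine = dis.readLine()) != null) {
                buff.append(inputLine).append("\n");
            }
        }
        return buff.toString();
    }
}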
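Run it. The output includes every request URL as sent, so the password and session token appear in the query strings: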
[dennis@localhost rest]$ javac OpenSSORest.java
[dennis@localhost rest]$ java OpenSSORest http://vanessa.red.iplanet.com:8080/opensso
Authenticate to server
username: amadmin
password: 11111111
http://vanessa.red.iplanet.com:8080/opensso/identity/authenticate?username=amadmin&password=11111111
Succeeded
Validate Token ID
http://vanessa.red.iplanet.com:8080/opensso/identity/isTokenValid?tokenid=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw%3D%40AAJTSQACMDE%3D%23
Succeeded
Search
http://vanessa.red.iplanet.com:8080/opensso/identity/search?filter=*&admin=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw%3D%40AAJTSQACMDE%3D%23
string=amAdmin
string=amldapuser
string=dsameuser
string=anonymous
string=amService-URLAccessAgent
string=demo
Succeeded
Show Attributes
http://vanessa.red.iplanet.com:8080/opensso/identity/attributes?subjectid=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw%3D%40AAJTSQACMDE%3D%23
userdetails.token.id=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw=@AAJTSQACMDE=#
userdetails.attribute.name=iplanet-am-user-alias-list
userdetails.attribute.name=sunIdentityMSISDNNumber
userdetails.attribute.name=employeeNumber
userdetails.attribute.name=telephoneNumber
userdetails.attribute.name=iplanet-am-user-success-url
userdetails.attribute.name=givenName
userdetails.attribute.value=amAdmin
userdetails.attribute.name=mail
userdetails.attribute.name=roles
userdetails.attribute.value=Top-level Admin Role
userdetails.attribute.name=sn
userdetails.attribute.value=amAdmin
userdetails.attribute.name=dn
userdetails.attribute.value=uid=amAdmin,ou=people,dc=opensso,dc=java,dc=net
userdetails.attribute.name=cn
userdetails.attribute.value=amAdmin
userdetails.attribute.name=postalAddress
userdetails.attribute.name=iplanet-am-user-failure-url
userdetails.attribute.name=inetUserStatus
userdetails.attribute.value=Active
Succeeded
Read attributes
http://vanessa.red.iplanet.com:8080/opensso/identity/read?name=demo&admin=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw%3D%40AAJTSQACMDE%3D%23
identitydetails.name=demo
identitydetails.type=user
identitydetails.realm=dc=opensso,dc=java,dc=net
identitydetails.attribute=
identitydetails.attribute.name=sn
identitydetails.attribute.value=demo
identitydetails.attribute=
identitydetails.attribute.name=universalid
identitydetails.attribute.value=id=demo,ou=user,dc=opensso,dc=java,dc=net
identitydetails.attribute=
identitydetails.attribute.name=objectclass
identitydetails.attribute.value=sunFederationManagerDataStore
identitydetails.attribute.value=iplanet-am-user-service
identitydetails.attribute.value=top
identitydetails.attribute.value=iplanet-am-managed-person
identitydetails.attribute.value=sunIdentityServerLibertyPPService
identitydetails.attribute.value=iPlanetPreferences
identitydetails.attribute.value=inetorgperson
identitydetails.attribute.value=person
identitydetails.attribute.value=organizationalPerson
identitydetails.attribute.value=inetuser
identitydetails.attribute.value=sunFMSAML2NameIdentifier
identitydetails.attribute=
identitydetails.attribute.name=cn
identitydetails.attribute.value=demo
identitydetails.attribute=
identitydetails.attribute.name=uid
identitydetails.attribute.value=demo
identitydetails.attribute=
identitydetails.attribute.name=userpassword
identitydetails.attribute.value={SSHA}rOG2r03XzcYHwAG4rABAz8FpDEle15FMSUcsAQ==
identitydetails.attribute=
identitydetails.attribute.name=inetuserstatus
identitydetails.attribute.value=Active
Succeeded
Create user
http://vanessa.red.iplanet.com:8080/opensso/identity/create?identity_name=test&admin=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw%3D%40AAJTSQACMDE%3D%23&identity_attribute_names=userpassword&identity_attribute_values_userpassword=123&identity_realm=%2F&identity_type=User
Succeeded
Read attributes
http://vanessa.red.iplanet.com:8080/opensso/identity/read?name=test&admin=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw%3D%40AAJTSQACMDE%3D%23
identitydetails.name=test
identitydetails.type=user
identitydetails.realm=dc=opensso,dc=java,dc=net
identitydetails.attribute=
identitydetails.attribute.name=sn
identitydetails.attribute.value=test
identitydetails.attribute=
identitydetails.attribute.name=universalid
identitydetails.attribute.value=id=test,ou=user,dc=opensso,dc=java,dc=net
identitydetails.attribute=
identitydetails.attribute.name=objectclass
identitydetails.attribute.value=sunFederationManagerDataStore
identitydetails.attribute.value=iplanet-am-user-service
identitydetails.attribute.value=top
identitydetails.attribute.value=iplanet-am-managed-person
identitydetails.attribute.value=sunIdentityServerLibertyPPService
identitydetails.attribute.value=iPlanetPreferences
identitydetails.attribute.value=inetorgperson
identitydetails.attribute.value=person
identitydetails.attribute.value=organizationalPerson
identitydetails.attribute.value=inetuser
identitydetails.attribute.value=sunFMSAML2NameIdentifier
identitydetails.attribute=
identitydetails.attribute.name=cn
identitydetails.attribute.value=test
identitydetails.attribute=
identitydetails.attribute.name=uid
identitydetails.attribute.value=test
identitydetails.attribute=
identitydetails.attribute.name=userpassword
identitydetails.attribute.value={SSHA}DsnALc8j11O9krdjfrId/xxCtv+qOM06zBc2CQ==
identitydetails.attribute=
identitydetails.attribute.name=inetuserstatus
identitydetails.attribute.value=Active
Succeeded
Change email address
http://vanessa.red.iplanet.com:8080/opensso/identity/update?identity_name=test&admin=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw%3D%40AAJTSQACMDE%3D%23&identity_attribute_names=mail&identity_attribute_values_mail=test@example.com
Succeeded
Read attributes
http://vanessa.red.iplanet.com:8080/opensso/identity/read?name=test&admin=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw%3D%40AAJTSQACMDE%3D%23&attributes_names=mail
identitydetails.name=test
identitydetails.type=user
identitydetails.realm=dc=opensso,dc=java,dc=net
identitydetails.attribute=
identitydetails.attribute.name=mail
identitydetails.attribute.value=test@example.com
Succeeded
Delete user
http://vanessa.red.iplanet.com:8080/opensso/identity/delete?identity_name=test&admin=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw%3D%40AAJTSQACMDE%3D%23&identity_type=User
Succeeded
Logout
http://vanessa.red.iplanet.com:8080/opensso/identity/logout?subjectid=AQIC5wM2LY4SfczAfhqbpbll3ldjGn3AU5ignOqmR82DzDw%3D%40AAJTSQACMDE%3D%23
Succeeded
How can I call authenticate with a realm?
I created a user in the /default/customer realm and tried to authenticate this user using this call.
/opensso/identity/authenticate?username=user000000&password=pwd000000&&identity_realm=/default/customer
I get an error.
I am looking at the source code (If you have OpenSSO source code, check this out).
opensso/products/amserver/
source/com/sun/identity/idsvcs/opensso/IdentityServicesImpl.java
Line 136
if (uri != null) {
// Parse the uri parameters for realm, module, etc
// TODO
}
The realm is supposed to be derived from the &uri query parameter;
however, the implementation is missing.
FYI, there is an issue filed on this:
https://opensso.dev.java.net/issues/show_bug.cgi?id=3775
Maybe we will implement this feature and post the code to OpenSSO.