UserIdentityBackend has two types of available services:
- Authenticate applications and users
- Administration of resources
Details of the API are documented below.
Authentication and authorization are XML over HTTP/HTTPS endpoints. (RPC oriented, not resource oriented.)
1. Authenticate application will return an application entity if authentication is successful.
2. Authenticate user will return a user entity if authentication is successful. This operation requires a valid applicationTokenID (application must be authenticated).
- Input: Currently, POST is used with UserCredential as an XML input stream in the body. Can/should be changed to a GET operation.
- Output: -UserData-
ApplicationToken and UserToken are created and managed by [SecurityTokenService], which is the session controller in Whydah.
Administration of resources (resources available for UserAdminWebApp - UAWA and UserAdminService - UAS only)
There are four resources available: user, users (collection of users), application and applications (collection of applications).
All require a valid applicationToken and a valid userToken. For applications without logged-in users, an application-specific system user should be used.
UIB will validate the tokens on every request, but is allowed to keep a cache of tokens to reduce the number of round-trips to SecurityTokenService - STS. Caching respects the token timeout values.
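The caching rule above, as an added example that is not Whydah's own code: positive validation results are cached, but never beyond the token's own timeout. The `sts_lookup` callable (token ID to expiry time, or `None`), the `max_cache_seconds` cap and the token IDs are assumptions constructed for illustration.

```python
import time
from typing import Callable, Dict, Optional


class TokenValidationCache:
    """Caches positive STS validation results, never past the token's own timeout."""

    def __init__(self, sts_lookup: Callable[[str], Optional[float]],
                 max_cache_seconds: float = 60.0,
                 clock: Callable[[], float] = time.time):
        self._sts_lookup = sts_lookup  # hypothetical STS call: token id -> expiry epoch or None
        self._max_cache_seconds = max_cache_seconds  # assumed cap so stale entries age out
        self._clock = clock
        self._valid_until: Dict[str, float] = {}
        self.sts_round_trips = 0

    def is_valid(self, token_id: str) -> bool:
        now = self._clock()
        cached = self._valid_until.get(token_id)
        if cached is not None and now < cached:
            return True  # still inside the cached window: no round trip
        self._valid_until.pop(token_id, None)  # aged-out entry: ask STS again
        self.sts_round_trips += 1
        token_expiry = self._sts_lookup(token_id)
        if token_expiry is None or token_expiry <= now:
            return False  # unknown or timed-out tokens are never cached
        self._valid_until[token_id] = min(token_expiry, now + self._max_cache_seconds)
        return True

    def authorize(self, application_token_id: str, user_token_id: str) -> bool:
        # Every request to the admin resources needs both tokens to be valid.
        return self.is_valid(application_token_id) and self.is_valid(user_token_id)


def demo():
    # Constructed session table standing in for STS: token id -> expiry (epoch seconds).
    sts_sessions = {"app-1": 1000.0, "user-1": 130.0}
    now = [100.0]
    cache = TokenValidationCache(sts_sessions.get, 60.0, clock=lambda: now[0])
    results = [cache.authorize("app-1", "user-1")]       # t=100: two STS round trips
    now[0] = 120.0
    results.append(cache.authorize("app-1", "user-1"))   # t=120: both served from cache
    now[0] = 131.0
    results.append(cache.authorize("app-1", "user-1"))   # t=131: user token has timed out
    return results, cache.sts_round_trips
```

The cap on cache age is a design choice beyond what the page states: it bounds how long a token invalidated in STS could still be accepted from the cache.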
- List all:
- Search for applications. Add when needed
- HTTP endpoint available, db, ldap and lucene available.
- 204 - ok, no content
- 5xx Server Error - if db, ldap or lucene is not working.
- STS separate test