Identity Management API

These endpoints allow to interact with the configured identity provider.

Please note, that not all functions are supported by all identity providers. In case a function is not supported, an UnsupportedOperationException gets thrown. All calls - except the GET methods - are logged in the audit log.

Method Endpoint

Method	Endpoint
`GET`	`/cxf/bpc-core/im/users`
Description Get a list of all users as JSON. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, query-users
Returns The requested data as JSON. Example response `[ { "id": "bpcadmin", "userName": "bpcadmin", "displayName": "bpcadmin", "firstName": "Timo", "lastName": "Virt", "email": "bpcadmin@example.com" }, { "id": "of", "userName": "of", "displayName": "of", "firstName": "Oliver", "lastName": "Fürniß", "email": "of@virtimo.de" } ]` HTTP Status Code `200` : OK `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_READ`
`POST`	`/cxf/bpc-core/im/users`
Description Add a user by providing the data as JSON in the body. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users Example body `{ "id": "42", "password": "1234567890", "firstName": "Hans", "lastName": "Schmidt", "email": "hans.schmidt@example.com" }`
Consumes `application/json`
Returns HTTP Status Code `200` : OK `400` : Failure due to one of the following reasons: Mandatory user id not given Mandatory password not given User password does not meet the requirements `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_ADD`
`PUT`	`/cxf/bpc-core/im/users/{userId}`
Description Update a user by providing the data as JSON in the body. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users Example body `{ "firstName": "Hans", "lastName": "Test", "email": "hans.test@example.com" }`
Consumes `application/json`
Path Parameter `userId` the ID of the user to update
Returns HTTP Status Code `200` : OK `404` : The user with the given id was not found `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_UPDATE`
`PATCH`	`/cxf/bpc-core/im/users/{userId}`
Description Update the password of a user. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users Example form `password=<new password>`
Path Parameter `userId` the ID of the user
Form Parameter `password` the users new password
Returns HTTP Status Code `200` : OK `400` : The given password does not meet the requirements `404` : The user with the given id was not found `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_UPDATE`
`DELETE`	`/cxf/bpc-core/im/users/{userId}`
Description Delete a user. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users
Path Parameter `userId` the ID of the user to delete
Returns HTTP Status Code `200` : OK `404` : The user does not exist `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_UPDATE`
`GET`	`/cxf/bpc-core/im/organisations`
Description Get all organisations as a JSON array. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, view-users, query-groups
Query Parameter `detailedInfo` TODO Default is `false`.
Returns The requested data. Example response `[ "virtimo", "users", "admins" ]` HTTP Status Code `200` : OK `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights A logged in user, API Key or access token is required.
`GET`	`/cxf/bpc-core/im/organisations/{orgName}/users`
Description Get all users of an organisation as a JSON array. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, view-users, query-groups
Path Parameter `orgName` the name of the organisation
Returns The requested data. Example response `[ { "id": "bpcadmin", "userName": "bpcadmin", "displayName": "bpcadmin", "firstName": "Timo", "lastName": "Virt", "email": "timovirt@virtimo.de" } ]` HTTP Status Code `200` : OK `404` : Organisation does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ORGANISATIONS_USERS_READ`
`GET`	`/cxf/bpc-core/im/organisations/{orgName}/mapped-roles`
Description Get the mapped roles of an organisation as a JSON array. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-realm, view-realm, view-users
Path Parameter `orgName` the name of the organisation
Returns The requested data. Example response `[ "bpcadmin", "bpcuser" ]` HTTP Status Code `200` : OK `404` : Organisation does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ORGANISATION_READ`
`POST`	`/cxf/bpc-core/im/organisations/{orgName}/mapped-roles/{roleName}`
Description Add a role to an organisation. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-users AND view-realm AND view-client)
Consumes `application/json`
Path Parameter `orgName` the name of the organisation `roleName` the name of the role
Returns HTTP Status Code `200` : OK `404` : The organisation or role does not exist `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ORGANISATIONS_UPDATE`
`DELETE`	`/cxf/bpc-core/im/organisations/{orgName}/mapped-roles/{roleName}`
Description Remove a role from an organisation. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-users AND view-realm AND view-client)
Consumes `application/json`
Path Parameter `orgName` the name of the organisation `roleName` the name of the role
Returns HTTP Status Code `200` : OK `404` : The organisation or role does not exist `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ORGANISATIONS_UPDATE`
`POST`	`/cxf/bpc-core/im/organisations/{orgName}`
Description Add an organisation. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users
Path Parameter `orgName` the name of the organisation
Form Parameter `parentOrg` the name of the parent organisation (optional, only supported in Keycloak)
Returns HTTP Status Code `200` : OK `404` : The organisation does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ORGANISATIONS_ADD`
`DELETE`	`/cxf/bpc-core/im/organisations/{orgName}`
Description Delete an organisation. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users
Path Parameter `orgName` the name of the organisation
Returns HTTP Status Code `200` : OK `404` : The organisation does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ORGANISATIONS_UPDATE`
`GET`	`/cxf/bpc-core/im/roles`
Description Get all roles as a JSON array. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-realm, view-realm, query-clients, query-users, query-groups, query-realms, manage-clients, view-clients
Returns The requested data. Example response `[ "offline_access", "uma_authorization", "uma_protection", "bpcadmin", "bpcuser" ]` HTTP Status Code `200` : OK `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights A logged in user, API Key or access token is required.
`GET`	`/cxf/bpc-core/im/roles/{roleName}/users`
Description Get the users of a role as a JSON array. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, (view-users AND query-users)
Path Parameter `roleName` TODO
Returns The requested data. Example response `[ { "id": "1", "userName": "admin", "displayName": "admin", "firstName": "Timo", "lastName": "Virt", "email": "timo.virt@virtimo.de" } ]` HTTP Status Code `200` : OK `404` : The role does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ROLES_USERS_READ`
`GET`	`/cxf/bpc-core/im/roles/{roleName}/mapped-roles`
Description Get mapped roles of a role as a JSON array. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (view-realm AND view-clients)
Path Parameter `roleName` TODO
Returns The requested data. Example response `[ "offline_access", "uma_authorization", "uma_protection", "bpcadmin", "bpcuser" ]` HTTP Status Code `200` : OK `404` : The role does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ROLES_READ`
`POST`	`/cxf/bpc-core/im/roles/{roleName}/mapped-roles/{mappedRoleName}`
Description Add a mapped role to a role. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-realm AND manage-clients)
Path Parameter `roleName` TODO `mappedRoleName` TODO
Returns HTTP Status Code `200` : OK `404` : The roles do not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ROLES_UPDATE`
`DELETE`	`/cxf/bpc-core/im/roles/{roleName}/mapped-roles/{mappedRoleName}`
Description Delete a mapped role from a role. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-realm AND manage-clients)
Path Parameter `roleName` TODO `mappedRoleName` TODO
Returns HTTP Status Code `200` : OK `404` : The roles do not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ROLES_UPDATE`
`POST`	`/cxf/bpc-core/im/roles/{roleName}`
Description Add a role. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-realm AND manage-clients)
Path Parameter `roleName` TODO
Returns HTTP Status Code `200` : OK `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ROLES_ADD`
`DELETE`	`/cxf/bpc-core/im/roles/{roleName}`
Description Delete a role. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-realm AND manage-clients)
Path Parameter `roleName` TODO
Returns HTTP Status Code `200` : OK `404` : The role does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_ROLES_UPDATE`
`GET`	`/cxf/bpc-core/im/rights`
Description Get all rights as a JSON array.
Returns The requested data. Example response `[ "IDENTITY_MANAGER_USER_ORGANISATIONS_READ", "CUSTOM_RIGHT" ]` HTTP Status Code `200` : OK `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights A logged in user, API Key or access token is required.
`GET`	`/cxf/bpc-core/im/rights/{rightName}/users`
Description Get the users of a right as a JSON array.
Path Parameter `rightName` TODO
Returns The requested data. Example response `[ { "id": "1", "userName": "admin", "displayName": "admin", "firstName": "Timo", "lastName": "Virt", "email": "timo.virt@virtimo.de" } ]` HTTP Status Code `200` : OK `404` : The right does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_RIGHTS_USERS_READ`
`DELETE`	`/cxf/bpc-core/im/rights/{rightName}`
Description Delete a right from all users.
Path Parameter `rightName` TODO
Returns HTTP Status Code `200` : OK `404` : The right does not exist `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_RIGHTS_UPDATE`
`GET`	`/cxf/bpc-core/im/users/{userId}/organisations`
Description Get the organisations of a user as JSON a array. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, (view-users AND query-users)
Path Parameter `userId` the ID of the user
Returns The requested data. Example response `[ "virtimo" ]` HTTP Status Code `200` : OK `404` : The user does not exist `500` : Failure due to one of the following reasons: No identity manager found or another failure `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USER_ORGANISATIONS_READ`
`POST`	`/cxf/bpc-core/im/users/{userId}/organisations`
Description Add an organisation to a user by providing the data as JSON in the body. If the specified organisation does not exist, it is created. Example body `{ "id": "virtimo" }` When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users
Consumes `application/json`
Path Parameter `userId` the ID of the user
Returns HTTP Status Code `200` : OK `400` : Missing organisation name `404` : The user does not exist `500` : Failure due to one of the following reasons: No identity manager found or another failure `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_UPDATE`
`DELETE`	`/cxf/bpc-core/im/users/{userId}/organisations/{organisationName}`
Description Delete the organisation of a user. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users
Path Parameter `userId` the ID of the user `organisationName` the name of the organisation to delete
Returns HTTP Status Code `200` : OK `404` : The user or organisation does not exist `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_UPDATE`
`GET`	`/cxf/bpc-core/im/users/{userId}/roles`
Description Get the roles of a user as a JSON array. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, (view-users AND query-users)
Path Parameter `userId` the id of the user
Query Parameter `includeMappingInfo` if true, return full role objects instead of role names. Default is `false`.
Returns If includeMappingInfo = false, then a list of roles is returned: Example response `[ "EAI Developer", "System Administrator" ]` If includeMappingInfo = true, a list of role objects with fields name and direct (indicating that the role is not inherited by an IDP inheritance) is returned. HTTP Status Code `200` : OK `404` : The user does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USER_ROLES_READ`
`POST`	`/cxf/bpc-core/im/users/{userId}/roles`
Description Add a role to a user by providing the data as JSON in the body. If the specified role does not exist, it is created. Example body `{ "id": "EAI Developer" }`
Consumes `application/json`
Path Parameter `userId` the ID of the user
Returns HTTP Status Code `200` : OK `400` : Missing role name `404` : The user does not exist `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_UPDATE`
`DELETE`	`/cxf/bpc-core/im/users/{userId}/roles/{roleName}`
Description Delete the role of a user.
Consumes `application/json`
Path Parameter `userId` the ID of the user `roleName` the name of the role to delete
Returns HTTP Status Code `200` : OK `404` : The user or role does not exist `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_UPDATE`
`GET`	`/cxf/bpc-core/im/users/{userId}/rights`
Description Get the rights of a user as a JSON array.
Path Parameter `userId` the id of the user
Returns The requested data. Example response `[ "CUSTOM_RIGHT1", "CUSTOM_RIGHT2" ]` HTTP Status Code `200` : OK `404` : The user does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USER_RIGHTS_READ`
`POST`	`/cxf/bpc-core/im/users/{userId}/rights`
Description Add a right to a user by providing the data as JSON in the body. If the specified right does not exist, it is created. Example body `{ "id": "CUSTOM_RIGHT3" }`
Consumes `application/json`
Path Parameter `userId` the ID of the user
Returns HTTP Status Code `200` : OK `400` : Missing right name `404` : The user does not exist `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_UPDATE`
`DELETE`	`/cxf/bpc-core/im/users/{userId}/rights/{rightName}`
Description Delete the right of a user.
Consumes `application/json`
Path Parameter `userId` the ID of the user `rightName` the name of the right to delete
Returns HTTP Status Code `200` : OK `404` : The user or right does not exist `503` : Not supported by the used identity provider
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USERS_UPDATE`
`GET`	`/cxf/bpc-core/im/users/{userId}`
Description Get the data of a user. When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, (query-users and view-users)
Path Parameter `userId` the ID of the user
Returns The requested data. Example response `{ "id": "66", "userName": "of", "firstName": "Oliver", "lastName": "Fürniß", "displayName": "of", "email": "of@virtimo.de", "organisations": [ "virtimo" ], "roles": [ "bpcadmin" ], "rights": [ "loadModule_vam", "loadModule_monitor", "loadModule_dashboard" ] }` HTTP Status Code `200` : OK `404` : The user does not exist `503` : Not supported by the used identity provider Content-Type `application/json; charset=UTF-8`
Required Access Rights The logged in user, API Key or access token must have either the following role or right. Role : `IDENTITY_MANAGER_ADMIN` Right : `IDENTITY_MANAGER_USER_READ`

GET

/cxf/bpc-core/im/users

Description

Get a list of all users as JSON.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, query-users

Returns

The requested data as JSON.

Example response

[
  {
    "id": "bpcadmin",
    "userName": "bpcadmin",
    "displayName": "bpcadmin",
    "firstName": "Timo",
    "lastName": "Virt",
    "email": "bpcadmin@example.com"
  },
  {
    "id": "of",
    "userName": "of",
    "displayName": "of",
    "firstName": "Oliver",
    "lastName": "Fürniß",
    "email": "of@virtimo.de"
  }
]

HTTP Status Code

200 : OK
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_READ

POST

/cxf/bpc-core/im/users

Description

Add a user by providing the data as JSON in the body.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users

Example body

{
  "id": "42",
  "password": "1234567890",
  "firstName": "Hans",
  "lastName": "Schmidt",
  "email": "hans.schmidt@example.com"
}

Consumes

application/json

Returns

HTTP Status Code

200 : OK
400 : Failure due to one of the following reasons:
- Mandatory user id not given
- Mandatory password not given
- User password does not meet the requirements
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_ADD

PUT

/cxf/bpc-core/im/users/{userId}

Description

Update a user by providing the data as JSON in the body.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users

Example body

{
  "firstName": "Hans",
  "lastName": "Test",
  "email": "hans.test@example.com"
}

Consumes

application/json

Path Parameter

userId: the ID of the user to update

Returns

HTTP Status Code

200 : OK
404 : The user with the given id was not found
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_UPDATE

PATCH

/cxf/bpc-core/im/users/{userId}

Description

Update the password of a user.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users

Example form

password=<new password>

Path Parameter

userId: the ID of the user

Form Parameter

password: the users new password

Returns

HTTP Status Code

200 : OK
400 : The given password does not meet the requirements
404 : The user with the given id was not found
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_UPDATE

DELETE

/cxf/bpc-core/im/users/{userId}

Description

Delete a user.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users

Path Parameter

userId: the ID of the user to delete

Returns

HTTP Status Code

200 : OK
404 : The user does not exist
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_UPDATE

GET

/cxf/bpc-core/im/organisations

Description

Get all organisations as a JSON array.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, view-users, query-groups

Query Parameter

detailedInfo: TODO Default is false.

Returns

The requested data.

Example response

[
  "virtimo",
  "users",
  "admins"
]

HTTP Status Code

200 : OK
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

A logged in user, API Key or access token is required.

GET

/cxf/bpc-core/im/organisations/{orgName}/users

Description

Get all users of an organisation as a JSON array.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, view-users, query-groups

Path Parameter

orgName: the name of the organisation

Returns

The requested data.

Example response

[
  {
    "id": "bpcadmin",
    "userName": "bpcadmin",
    "displayName": "bpcadmin",
    "firstName": "Timo",
    "lastName": "Virt",
    "email": "timovirt@virtimo.de"
  }
]

HTTP Status Code

200 : OK
404 : Organisation does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ORGANISATIONS_USERS_READ

GET

/cxf/bpc-core/im/organisations/{orgName}/mapped-roles

Description

Get the mapped roles of an organisation as a JSON array.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-realm, view-realm, view-users

Path Parameter

orgName: the name of the organisation

Returns

The requested data.

Example response

[
  "bpcadmin",
  "bpcuser"
]

HTTP Status Code

200 : OK
404 : Organisation does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ORGANISATION_READ

POST

/cxf/bpc-core/im/organisations/{orgName}/mapped-roles/{roleName}

Description

Add a role to an organisation.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-users AND view-realm AND view-client)

Consumes

application/json

Path Parameter

orgName: the name of the organisation
roleName: the name of the role

Returns

HTTP Status Code

200 : OK
404 : The organisation or role does not exist
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ORGANISATIONS_UPDATE

DELETE

/cxf/bpc-core/im/organisations/{orgName}/mapped-roles/{roleName}

Description

Remove a role from an organisation.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-users AND view-realm AND view-client)

Consumes

application/json

Path Parameter

orgName: the name of the organisation
roleName: the name of the role

Returns

HTTP Status Code

200 : OK
404 : The organisation or role does not exist
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ORGANISATIONS_UPDATE

POST

/cxf/bpc-core/im/organisations/{orgName}

Description

Add an organisation.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users

Path Parameter

orgName: the name of the organisation

Form Parameter

parentOrg: the name of the parent organisation (optional, only supported in Keycloak)

Returns

HTTP Status Code

200 : OK
404 : The organisation does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ORGANISATIONS_ADD

DELETE

/cxf/bpc-core/im/organisations/{orgName}

Description

Delete an organisation.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users

Path Parameter

orgName: the name of the organisation

Returns

HTTP Status Code

200 : OK
404 : The organisation does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ORGANISATIONS_UPDATE

GET

/cxf/bpc-core/im/roles

Description

Get all roles as a JSON array.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-realm, view-realm, query-clients, query-users, query-groups, query-realms, manage-clients, view-clients

Returns

The requested data.

Example response

[
  "offline_access",
  "uma_authorization",
  "uma_protection",
  "bpcadmin",
  "bpcuser"
]

HTTP Status Code

200 : OK
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

A logged in user, API Key or access token is required.

GET

/cxf/bpc-core/im/roles/{roleName}/users

Description

Get the users of a role as a JSON array.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, (view-users AND query-users)

Path Parameter

roleName: TODO

Returns

The requested data.

Example response

[
 {
   "id": "1",
   "userName": "admin",
   "displayName": "admin",
   "firstName": "Timo",
   "lastName": "Virt",
   "email": "timo.virt@virtimo.de"
 }
]

HTTP Status Code

200 : OK
404 : The role does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ROLES_USERS_READ

GET

/cxf/bpc-core/im/roles/{roleName}/mapped-roles

Description

Get mapped roles of a role as a JSON array.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (view-realm AND view-clients)

Path Parameter

roleName: TODO

Returns

The requested data.

Example response

[
  "offline_access",
  "uma_authorization",
  "uma_protection",
  "bpcadmin",
  "bpcuser"
]

HTTP Status Code

200 : OK
404 : The role does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ROLES_READ

POST

/cxf/bpc-core/im/roles/{roleName}/mapped-roles/{mappedRoleName}

Description

Add a mapped role to a role.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-realm AND manage-clients)

Path Parameter

roleName: TODO
mappedRoleName: TODO

Returns

HTTP Status Code

200 : OK
404 : The roles do not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ROLES_UPDATE

DELETE

/cxf/bpc-core/im/roles/{roleName}/mapped-roles/{mappedRoleName}

Description

Delete a mapped role from a role.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-realm AND manage-clients)

Path Parameter

roleName: TODO
mappedRoleName: TODO

Returns

HTTP Status Code

200 : OK
404 : The roles do not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ROLES_UPDATE

POST

/cxf/bpc-core/im/roles/{roleName}

Description

Add a role.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-realm AND manage-clients)

Path Parameter

roleName: TODO

Returns

HTTP Status Code

200 : OK
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ROLES_ADD

DELETE

/cxf/bpc-core/im/roles/{roleName}

Description

Delete a role.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, (manage-realm AND manage-clients)

Path Parameter

roleName: TODO

Returns

HTTP Status Code

200 : OK
404 : The role does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_ROLES_UPDATE

GET

/cxf/bpc-core/im/rights

Description

Get all rights as a JSON array.

Returns

The requested data.

Example response

[
  "IDENTITY_MANAGER_USER_ORGANISATIONS_READ",
  "CUSTOM_RIGHT"
]

HTTP Status Code

200 : OK
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

A logged in user, API Key or access token is required.

GET

/cxf/bpc-core/im/rights/{rightName}/users

Description

Get the users of a right as a JSON array.

Path Parameter

rightName: TODO

Returns

The requested data.

Example response

[
 {
   "id": "1",
   "userName": "admin",
   "displayName": "admin",
   "firstName": "Timo",
   "lastName": "Virt",
   "email": "timo.virt@virtimo.de"
 }
]

HTTP Status Code

200 : OK
404 : The right does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_RIGHTS_USERS_READ

DELETE

/cxf/bpc-core/im/rights/{rightName}

Description

Delete a right from all users.

Path Parameter

rightName: TODO

Returns

HTTP Status Code

200 : OK
404 : The right does not exist
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_RIGHTS_UPDATE

GET

/cxf/bpc-core/im/users/{userId}/organisations

Description

Get the organisations of a user as JSON a array.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, (view-users AND query-users)

Path Parameter

userId: the ID of the user

Returns

The requested data.

Example response

[
  "virtimo"
]

HTTP Status Code

200 : OK
404 : The user does not exist
500 : Failure due to one of the following reasons:
- No identity manager found or another failure
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USER_ORGANISATIONS_READ

POST

/cxf/bpc-core/im/users/{userId}/organisations

Description

Add an organisation to a user by providing the data as JSON in the body. If the specified organisation does not exist, it is created.

Example body

{
  "id": "virtimo"
}

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users

Consumes

application/json

Path Parameter

userId: the ID of the user

Returns

HTTP Status Code

200 : OK
400 : Missing organisation name
404 : The user does not exist
500 : Failure due to one of the following reasons:
- No identity manager found or another failure
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_UPDATE

DELETE

/cxf/bpc-core/im/users/{userId}/organisations/{organisationName}

Description

Delete the organisation of a user.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users

Path Parameter

userId: the ID of the user
organisationName: the name of the organisation to delete

Returns

HTTP Status Code

200 : OK
404 : The user or organisation does not exist
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_UPDATE

GET

/cxf/bpc-core/im/users/{userId}/roles

Description

Get the roles of a user as a JSON array.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, (view-users AND query-users)

Path Parameter

userId: the id of the user

Query Parameter

includeMappingInfo: if true, return full role objects instead of role names. Default is false.

Returns

If includeMappingInfo = false, then a list of roles is returned:

Example response

[
  "EAI Developer",
  "System Administrator"
]

If includeMappingInfo = true, a list of role objects with fields name and direct (indicating that the role is not inherited by an IDP inheritance) is returned.

HTTP Status Code

200 : OK
404 : The user does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USER_ROLES_READ

POST

/cxf/bpc-core/im/users/{userId}/roles

Description

Add a role to a user by providing the data as JSON in the body. If the specified role does not exist, it is created.

Example body

{
  "id": "EAI Developer"
}

Consumes

application/json

Path Parameter

userId: the ID of the user

Returns

HTTP Status Code

200 : OK
400 : Missing role name
404 : The user does not exist
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_UPDATE

DELETE

/cxf/bpc-core/im/users/{userId}/roles/{roleName}

Description

Delete the role of a user.

Consumes

application/json

Path Parameter

userId: the ID of the user
roleName: the name of the role to delete

Returns

HTTP Status Code

200 : OK
404 : The user or role does not exist
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_UPDATE

GET

/cxf/bpc-core/im/users/{userId}/rights

Description

Get the rights of a user as a JSON array.

Path Parameter

userId: the id of the user

Returns

The requested data.

Example response

[
  "CUSTOM_RIGHT1",
  "CUSTOM_RIGHT2"
]

HTTP Status Code

200 : OK
404 : The user does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USER_RIGHTS_READ

POST

/cxf/bpc-core/im/users/{userId}/rights

Description

Add a right to a user by providing the data as JSON in the body. If the specified right does not exist, it is created.

Example body

{
  "id": "CUSTOM_RIGHT3"
}

Consumes

application/json

Path Parameter

userId: the ID of the user

Returns

HTTP Status Code

200 : OK
400 : Missing right name
404 : The user does not exist
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_UPDATE

DELETE

/cxf/bpc-core/im/users/{userId}/rights/{rightName}

Description

Delete the right of a user.

Consumes

application/json

Path Parameter

userId: the ID of the user
rightName: the name of the right to delete

Returns

HTTP Status Code

200 : OK
404 : The user or right does not exist
503 : Not supported by the used identity provider

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USERS_UPDATE

GET

/cxf/bpc-core/im/users/{userId}

Description

Get the data of a user.

When used with Keycloak one of these Keycloak roles are needed: admin, realm-admin, manage-users, (query-users and view-users)

Path Parameter

userId: the ID of the user

Returns

The requested data.

Example response

{
  "id": "66",
  "userName": "of",
  "firstName": "Oliver",
  "lastName": "Fürniß",
  "displayName": "of",
  "email": "of@virtimo.de",
  "organisations": [
    "virtimo"
  ],
  "roles": [
    "bpcadmin"
  ],
  "rights": [
    "loadModule_vam",
    "loadModule_monitor",
    "loadModule_dashboard"
  ]
}

HTTP Status Code

200 : OK
404 : The user does not exist
503 : Not supported by the used identity provider

Content-Type

application/json; charset=UTF-8

Required Access Rights

The logged in user, API Key or access token must have either the following role or right.

Role : IDENTITY_MANAGER_ADMIN
Right : IDENTITY_MANAGER_USER_READ