REST interface
- OpenAM can perform authentication through a REST interface
- REST: a method of making processing requests using HTTP GET or POST
Authentication (token issuance)
$ curl -d "username=ichiro&password=ichiro123" \
http://localhost:9080/openam/identity/authenticate
token.id=AQIC5wM2LY4SfcyfzTdB0Vj1iwV1q38QzwdsZ8Vo0hZRyx4.*AAJTSQACMDE.*
- This is the same as doing the following in a browser
- For a realm other than the top-level one, add the realm parameter, as in username=ichiro&password=ichiro123&realm=/sales/tempstaff/
Token check
$ curl -d "tokenid=AQIC5wM2LY4SfcyfzTdB0Vj1iwV1q38QzwdsZ8Vo0hZRyx4.*AAJTSQACMDE.*" \
http://localhost:9080/openam/identity/isTokenValid
boolean=true
Viewing user attributes
$ curl -d "attribute_names=*&subjectid=AQIC5wM2LY4SfcyfzTdB0Vj1iwV1q38QzwdsZ8Vo0hZRyx4.*AAJTSQACMDE.*" \
http://localhost:9080/openam/identity/attributes
userdetails.token.id=AQIC5wM2LY4SfcyfzTdB0Vj1iwV1q38QzwdsZ8Vo0hZRyx4.*AAJTSQACMDE.*
userdetails.role=id=executive,ou=group,dc=opensso,dc=java,dc=net
userdetails.attribute.name=uid
userdetails.attribute.value=ichiro
userdetails.attribute.name=userpassword
userdetails.attribute.value={SSHA}u7vbdp84R71rV3dGbDDyf7FKRxmqvV/NVqdHWQ==
userdetails.attribute.name=sn
userdetails.attribute.value=Tanaka
userdetails.attribute.name=cn
userdetails.attribute.value=田中一朗
userdetails.attribute.name=givenname
userdetails.attribute.value=Ichiro
userdetails.attribute.name=inetuserstatus
userdetails.attribute.value=Active
userdetails.attribute.name=dn
userdetails.attribute.value=uid=ichiro,ou=people,dc=opensso,dc=java,dc=net
userdetails.attribute.name=objectclass
userdetails.attribute.value=person
userdetails.attribute.value=sunIdentityServerLibertyPPService
userdetails.attribute.value=inetorgperson
userdetails.attribute.value=sunFederationManagerDataStore
userdetails.attribute.value=iPlanetPreferences
userdetails.attribute.value=iplanet-am-auth-configuration-service
userdetails.attribute.value=organizationalperson
userdetails.attribute.value=sunFMSAML2NameIdentifier
userdetails.attribute.value=inetuser
userdetails.attribute.value=iplanet-am-managed-person
userdetails.attribute.value=iplanet-am-user-service
userdetails.attribute.value=sunAMAuthAccountLockout
userdetails.attribute.value=top
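Added example (not part of the original page and not OpenAM's own code): the response shown above includes the user's userpassword hash, so this Python code parses the userdetails.* output into multi-valued attributes and lists the ones that expose credential material. The sample text is a shortened copy of the output above; SENSITIVE_NAMES, HASH_SCHEME and the function names are assumptions made for this example.

```python
import re

# Constructed sample: a shortened copy of the /identity/attributes output shown above.
SAMPLE = """\
userdetails.token.id=AQIC5wM2LY4SfcyfzTdB0Vj1iwV1q38QzwdsZ8Vo0hZRyx4.*AAJTSQACMDE.*
userdetails.role=id=executive,ou=group,dc=opensso,dc=java,dc=net
userdetails.attribute.name=uid
userdetails.attribute.value=ichiro
userdetails.attribute.name=userpassword
userdetails.attribute.value={SSHA}u7vbdp84R71rV3dGbDDyf7FKRxmqvV/NVqdHWQ==
userdetails.attribute.name=dn
userdetails.attribute.value=uid=ichiro,ou=people,dc=opensso,dc=java,dc=net
userdetails.attribute.name=objectclass
userdetails.attribute.value=person
userdetails.attribute.value=inetorgperson
"""

# Assumption: names treated as sensitive here; extend for your directory schema.
SENSITIVE_NAMES = {"userpassword"}
# LDAP-style stored password values start with a scheme tag such as {SSHA}.
HASH_SCHEME = re.compile(r"^\{[A-Za-z0-9-]+\}.+")


def parse_userdetails(text):
    """Return (token_id, roles, attrs) where attrs maps name -> list of values."""
    token_id, roles, attrs, current = None, [], {}, None
    for line in text.splitlines():
        key, sep, value = line.partition("=")  # split on the first '=' only
        if not sep:
            continue  # skip blank or malformed lines
        if key == "userdetails.token.id":
            token_id = value
        elif key == "userdetails.role":
            roles.append(value)
        elif key == "userdetails.attribute.name":
            current = value  # following value lines belong to this attribute
            attrs.setdefault(current, [])
        elif key == "userdetails.attribute.value" and current is not None:
            attrs[current].append(value)
    return token_id, roles, attrs


def sensitive_attributes(attrs):
    """Names of attributes that expose credential material in the response."""
    return sorted(
        name for name, values in attrs.items()
        if name.lower() in SENSITIVE_NAMES or any(HASH_SCHEME.match(v) for v in values)
    )
```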
Logout (token invalidation)
$ curl -d "subjectid=AQIC5wM2LY4SfcyfzTdB0Vj1iwV1q38QzwdsZ8Vo0hZRyx4.*AAJTSQACMDE.*" \
http://localhost:9080/openam/identity/logout