Skip to end of metadata
Comment: Migrated to Confluence 4.0
Go to start of metadata

The UserDataService provides operations to manage users and related entities such as email, phone, and address.

UserDataService Operations

  • getPhoneList
  • removePhone
  • removeAllEmailAddresses
  • updateEmailAddress
  • addEmailAddress
  • getAddressList
  • getSupervisors
  • updateSupervisor
  • removeNote
  • getDefaultAddress
  • getAllAttributes
  • getUserWithDependent
  • getAllNotes
  • removeAddress
  • getAttribute
  • updateUserWithDependent
  • getSupervisor
  • removeUser
  • getUserByPrincipal
  • updateAttribute
  • getUserAsMap
  • getAddressById
  • removeAllAttributes
  • getPrimarySupervisor
  • removeAllNotes
  • search
  • removeAllPhones
  • addUser
  • addAttribute
  • getAddressMap
  • addUserWithDependent
  • updatePhone
  • updateAddress
  • getEmailAddressByName
  • findUserByOrganization
  • addPhone
  • findUsersByLastUpdateRange
  • getPhoneById
  • addPhoneSet
  • getEmailAddressList
  • addNote
  • addAddressSet
  • getNote
  • getPhoneMap
  • getEmailAddressMap
  • updateNote
  • getEmployees
  • getPhoneByName
  • getAddressByName
  • updateUser
  • removeEmailAddress
  • removeAttribute
  • getDefaultPhone
  • addSupervisor
  • removeSupervisor
  • getEmailAddressById
  • addEmailAddressSet
  • addAddress
  • removeAllAddresses
  • getDefaultEmailAddress
  • findUsersByStatus

Endpoint Address:
http://<hostname>/openiam-idm-esb/idmsrvc/UserDataService

Wsdl:
{urn:idm.openiam.org./srvc/user/service}UserDataWebService

Target namespace:
urn:idm.openiam.org/srvc/user/service

Users within OpenIAM are associated with a STATUS that indicates the state they are in. The follow is a list of out of the box status codes that a user can be associated with:

Status Code

Description

active

User is active.

inactive

User is inactive. User goes into this state if they have not logged in for a period of time that is controlled by the policy.

pending_start_date

User has been approved but is pending a start date

pending_approval

Request for a user is pending approval

approval_declined

Request for a user has been declined.

pending_user_validation

User record needs to be validated.

pending_initial_login

User has been approved, but is pending an initial login.

terminate

User has been terminated.

deleted

User has been deleted. This is a logical delete

retired

User has retired.

leave

User is on leave, sabbatical, etc.

The user record also contains a SECONDARY_STATUS that allows you to control the behavior of a user without impacting a over state of the user. These codes include:

Status Code

Description

locked

Account is locked.

disabled

Account is disabled.

Service Operations

Operation Name: addUserWithDependant(User user, boolean dependency)

Parameters:

  • User user
  • boolean dependency: Determines dependent objects should be processed as part of the request.

Return:

  • User - the returned object will contain the system generated userId.

addUser allows you to create a new user with in the OpenIAM repository. To create a new user, you need to populate a User object and pass it to this operation. While creating a user, its possible to also associated the following objects with a user and have them created within a single transaction:

  • Attributes
  • Email Address
  • Phone
  • Address
  • Principals

Key Fields:

  • The userId is system generated and should not be assigned.
  • MetadataTypeId : If this is assigned, then a value should exist in the METADATA_TYPE type. There is a Foreign key constraint here.

Sample Request:

Sample Response:

Operation Name: getUserWithDependent(String id, boolean dependents)

Parameters:

  • String id
  • boolean dependents

Return:

  • User

The getUserWithDependent method retrieves a user based on the user's id.  The id in this case is the unique identifier stored within OpenIAM.  If the dependent's flag is set to true, the system will retrieve dependent objects such as user attributes, address, phone and email.

Sample Request:

Sample Response:

Operation Name: getUserByPrincipal(String securityDomain, String principalName)

Parameters:

  • String securityDomain
  • String principalName

Return:

  • Subject

getUserByPrincipal retrieves a user base on their principal name.  A user can have multiple identities in OpenIAM.  These are referred to as "identities" or "principal names".  This feature allows OpenIAM to capture situations where each managed system may have a different identity.

Operation Name: search(UserSearch search)

Parameters:

  • UserSearch search

Return:

  • List of Users contained in a UserListResponse object.

search allows to search the OpenIAM user repository based on a number of parameters which are shown in the table below.

Field Name

Description

firstName

 

lastName

 

nickName

 

status

Status of the user

deptCd

Department Code

phoneAreaCd

Area code

phoneNbr

Phone number. Excludes Area Code unless it has been stored with the phone number

employeeId

 

groupIdList

List of groups that a user can belong to

roleIdList

List of roles that a user can belong to

emailAddress

 

;

orgId

Organization Id

principal

Principal or login id. If a login is specified then the DomainId should be specified as well. If its ommited then, the domain Id will default to 0 or the ID id of default security domain

domainId

Security domain Id

attributeName

Name of the user attribute that you want to search on.

attributeValue

Value of an attribute that you want to search on.

attributeElementId

MetadataElement that you want to search on. This is the metadata component that is associated with an attribute.

userId

Search by the system generated Id for a user. This is different from the principal

Sample Request

Labels:
None
Edit Labels