User Credentials and Data | Legacy REST Web Services
The user entity interface mainly provides access to user data that DirX Access needs but that cannot be stored in the corporate repository. This data is stored in the Application Repository and correlated with the users in the corporate repository. The user entity provides the user data for:
- One-Time Password - Callback credentials
- One-Time Password - RFC4226 credentials (HOTP)
- One-Time Password - RFC6238 credentials (TOTP)
The user entity also provides read-only access to the corporate directory. The LDAP values are mapped to DirX Access attributes within the Subject Template configuration object.
Description
| OData4 Metadata | GET {legacy_rest_web_application_location}/user/$metadata |
|---|---|
The user entity is deprecated. Please use the DirX Access SCIM service instead. The SCIM service is intended for data manipulation in the DirX Access Application Repository. For more information, see the documentation for the DirX Access SCIM service.
Properties
The following table shows the user entity properties (the property names follow the JSON representation used in the examples below):
| Property | Type | Read / Write | Description |
|---|---|---|---|
| loginName | | RW | The identifier of the user entity used for the request (usually loginName). |
| otpCallbacks | | RW | The Application Repository user data for the One-Time Password - Callback configuration. |
| rfc4226s | | RW | The Application Repository user data for the One-Time Password - RFC4226 configuration (HOTP). |
| rfc6238s | | RW | The Application Repository user data for the One-Time Password - RFC6238 configuration (TOTP). |
| userNaming | | R | The corporate repository value of an attribute used for naming users. |
| description | | R | The corporate repository value of an attribute used for descriptive information about a user. |
| firstName | | R | The corporate repository value of an attribute used for the first name of a user. |
| lastName | | R | The corporate repository value of an attribute used for the last name of a user. |
| commonName | | R | The corporate repository value of an attribute used for the common name of a user. |
| email | | R | The corporate repository value of an attribute used for the mail address. |
| altSubjectIds | | R | The corporate repository value of an attribute used for the DirX Access alternative subject identifiers of a user. |
| roleList | | R | The corporate repository value of an attribute used for the DirX Access role assignments of a user. |
| lastLoginDate | | R | The corporate repository value of an attribute used to store the last login date of a user. |
| nbConsecutiveLoginFailures | | R | The corporate repository value of an attribute used to store the number of consecutive login failures. |
| status | | R | The corporate repository value of an attribute used to store the status of a user account. |
| locale | | R | The corporate repository value of an attribute used to store the locale of a user. |
| accountExpirationDate | | R | The corporate repository value of an attribute used to store the expiration date of a user account. |
| accountExpired | | R | The corporate repository value of an attribute used to store the flag for account expiration. |
| accountLocked | | R | The corporate repository value of an attribute used to store the flag for account lock. |
| passwordExpirationDate | | R | The corporate repository value of an attribute used to store the expiration date of a user password. |
| passwordCreationDate | | R | The corporate repository value of an attribute used to store the creation date of a user password. |
| passwordExpired | | R | The corporate repository value of an attribute used to store the flag for password expiration. |
| passwordLocked | | R | The corporate repository value of an attribute used to store the flag for password lock. |
The following table shows the net.atos.dirx.access.odata4.user.OtpCallback Complex Type properties:
| Property | Type | Read / Write | Description |
|---|---|---|---|
| authnMethodId | | RW | The authentication method configuration to which the OTP Callback credentials belong. |
| | | RW | Optional communication address of the user (for example, "mail" or "mobile" for extra use cases). The communication address is usually taken from the corporate repository based on the "Communication address attribute name" of an authentication method configuration. |
| nbLoginFailures | | RW | The number of login failures for the One-Time Password - Callback authentication method. |
The following table shows the net.atos.dirx.access.odata4.user.Rfc4226 Complex Type properties:
| Property | Type | Read / Write | Description |
|---|---|---|---|
| authnMethodId | | RW | The authentication method configuration to which the OTP RFC4226 credentials belong. |
| sharedSecret | | RW | The hexadecimal value of the shared secret according to RFC4226. |
| counter | | RW | The counter value according to RFC4226. |
| nbLoginFailures | | RW | The number of login failures for the One-Time Password - RFC4226 authentication method. |
The following table shows the net.atos.dirx.access.odata4.user.Rfc6238 Complex Type properties:
| Property | Type | Read / Write | Description |
|---|---|---|---|
| authnMethodId | | RW | The authentication method configuration to which the OTP RFC6238 credentials belong. |
| sharedSecret | | RW | The hexadecimal value of the shared secret according to RFC6238. |
| timeDrift | | RW | The time-drift value according to RFC6238. |
| nbLoginFailures | | RW | The number of login failures for the One-Time Password - RFC6238 authentication method. |
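The fields above (sharedSecret, counter, timeDrift, nbLoginFailures) are exactly the state an RFC 4226 / RFC 6238 verifier needs. The following Python is an added example, not code from this page or from DirX Access: it computes HOTP codes from a record shaped like one element of the rfc4226s collection, using the hexadecimal sharedSecret from the page's request bodies, verifies a submitted code with a small look-ahead window while advancing the stored counter, and derives TOTP from the same routine. The look-ahead width and the interpretation of timeDrift as whole 30-second steps are assumptions.

```python
import hashlib
import hmac
import struct

# Constructed record shaped like one element of this page's "rfc4226s" collection.
# The sharedSecret is the hex form of the RFC 4226 reference secret "12345678901234567890",
# the same value used in the page's request bodies; the counter keeps the page's width.
RFC4226_RECORD = {
    "authnMethodId": "RFC 4226 Authentication",
    "sharedSecret": "3132333435363738393031323334353637383930",
    "counter": "000000000000000",
    "nbLoginFailures": 0,
}


def hotp(shared_secret_hex: str, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    key = bytes.fromhex(shared_secret_hex)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_hotp(record: dict, submitted: str, look_ahead: int = 3) -> bool:
    """Validate a submitted HOTP against the stored counter.

    Accepts the code if it matches the stored counter or one of the next
    `look_ahead` values (RFC 4226 resynchronisation; window size assumed), then
    moves the stored counter past the used value so the same code cannot be
    replayed. On a mismatch the per-method failure counter (nbLoginFailures)
    is incremented, mirroring the field the service keeps in the repository.
    """
    stored = int(record["counter"])
    width = len(record["counter"])
    for candidate in range(stored, stored + look_ahead + 1):
        if hmac.compare_digest(hotp(record["sharedSecret"], candidate), submitted):
            record["counter"] = str(candidate + 1).zfill(width)
            record["nbLoginFailures"] = 0
            return True
    record["nbLoginFailures"] += 1
    return False


def totp(shared_secret_hex: str, unix_time: int, time_drift: int = 0, step: int = 30) -> str:
    """RFC 6238: HOTP over the time-step counter. The stored timeDrift is applied
    as a whole number of 30-second steps (assumption; the page does not define the unit)."""
    return hotp(shared_secret_hex, unix_time // step + time_drift)
```

Because the verifier's correctness depends on the counter never moving backwards, a PATCH that rewrites `counter` to a lower value (as the page's modify examples can) re-enables previously consumed codes; the per-method `nbLoginFailures` is the field to watch for brute-force attempts against a single method.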
Addressing
The user entity can be addressed by the loginName property; for example,
/odata4/user/Users('Willa Sy').
The collection of user entities can be addressed as a whole; for example:
/odata4/user/Users
By default, reading is limited to 100 entities in the DirX Access User service.
In exceptional cases, the limit can be raised with the $top system query option.
Be aware that whether this works depends on the server configuration.
/odata4/user/Users?$count=true&$top=1000
It is strongly recommended to use filtering with system query options when you want to query all user entities, because otherwise you will usually receive only partial results (HTTP response code 206).
Filtering can be performed with the $filter system query option; for example:
/odata4/user/Users?$count=true&$filter=startswith(loginName,%27Willa%27)
/odata4/user/Users?$count=true&$filter=endswith(loginName,%27b%27)
/odata4/user/Users?$count=true&$filter=contains(loginName,%27bb%27)
Supported Operations
The following operations are supported:
- Create (HTTP method POST) - to create additional user data in the DirX Access Application Repository (the data is not stored in the corporate repository).
- Read (HTTP method GET) - to read all user data.
- Modify (HTTP method PATCH) - to modify additional user data in the DirX Access Application Repository.
- Delete (HTTP method DELETE) - to delete additional user data in the DirX Access Application Repository.
Examples
The following examples use the simple command-line tool cURL.
Create New User With RFC4226 Data
```bash
curl -u dirxaccessadmin:dirxaccess -H "Content-Type: application/json" -X POST --data @createUserPost.txt http://my-server.my-company.example:11114/odata4/user/Users
```
Request body
```json
{
  "loginName": "Geir Denton",
  "rfc4226s": [
    {
      "authnMethodId": "RFC 4226 Authentication",
      "sharedSecret": "3132333435363738393031323334353637383930",
      "counter": "000000000000000"
    }
  ]
}
```
Result
```json
{
  "@odata.context": "http://my-server.my-company.example:11114/odata4/user/$metadata#Users/$entity",
  "loginName": "Geir Denton",
  "otpCallbacks": [],
  "rfc4226s": [
    {
      "authnMethodId": "RFC 4226 Authentication",
      "sharedSecret": "3132333435363738393031323334353637383930",
      "counter": "000000000000000",
      "nbLoginFailures": 0
    }
  ],
  "rfc6238s": [],
  "userNaming": "Geir Denton",
  "description": "This is Geir Denton's description",
  "firstName": "Geir",
  "lastName": "Denton",
  "commonName": "Geir Denton",
  "email": "Geir_Denton@Airiuscom.com",
  "altSubjectIds": [
    "otp:rfc4226:sharedSecret=rdI...4BeA==:counter=0000000000000001:nbLoginFailures=3"
  ],
  "roleList": [
    "cn=User,ou=Role,ou=Administration,ou=RBAC,ou=Policy,ou=DirX Access,ou=My-Company,cn=config",
    "cn=Intranet Manager Accounting,ou=Role,ou=Business,ou=RBAC,ou=Policy,ou=DirX Access,ou=My-Company,cn=config"
  ],
  "lastLoginDate": "2016-04-07T11:53:45.000 UTC",
  "nbConsecutiveLoginFailures": "0",
  "status": "",
  "locale": "en",
  "accountExpirationDate": "2034-01-18T13:05:42.000 UTC",
  "accountExpired": "false",
  "accountLocked": "false",
  "passwordExpirationDate": "2034-06-04T12:05:42.000 UTC",
  "passwordCreationDate": "2007-01-18T13:05:42.000 UTC",
  "passwordExpired": "false",
  "passwordLocked": "false"
}
```
Modify User's RFC4226 Data Only
```bash
curl -u dirxaccessadmin:dirxaccess -H "Content-Type: application/json" -X PATCH --data @modifyGeirDentonPatch1.txt http://my-server.my-company.example:11114/odata4/user/Users('Geir Denton')
```
Request body
```json
{
  "loginName": "Geir Denton",
  "rfc4226s": [
    {
      "authnMethodId": "RFC 4226 Authentication",
      "sharedSecret": "3132333435363738393031323334353637383930",
      "counter": "000000000000000"
    }
  ]
}
```
Modify User's RFC6238 Data Only
```bash
curl -u dirxaccessadmin:dirxaccess -H "Content-Type: application/json" -X PATCH --data @modifyGeirDentonPatch2.txt http://my-server.my-company.example:11114/odata4/user/Users('Geir Denton')
```
Request body
```json
{
  "loginName": "Geir Denton",
  "rfc6238s": [
    {
      "authnMethodId": "RFC 6238 Authentication",
      "sharedSecret": "3132333435363738393031323334353637383930",
      "timeDrift": 5
    }
  ]
}
```
Clean User's Data
```bash
curl -u dirxaccessadmin:dirxaccess -H "Content-Type: application/json" -X PATCH --data @updateOtpCallbacksPatch.txt http://my-server.my-company.example:11114/odata4/user/Users('Geir Denton')
```