user.external
Description
If you are using IPA integration to allow authentication of users from an external IPA server (rare) the users will still need to be created in the #product() database. Methods in this namespace allow you to configure some specifics of how this happens, like what organization they are created in or what roles they will have. These options can also be set in the web admin interface.
Namespace:
user.external
Method: createExternalGroupToRoleMap
HTTP POST
Description:
Externally authenticated users may be members of external groups. You can use these groups to assign additional roles to the users when they log in. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
-
string name - Name of the external group. Must be unique.
-
string array roles - role - Can be any of: satellite_admin, org_admin (implies all other roles except for satellite_admin), channel_admin, config_admin, system_group_admin, or activation_key_admin.
Returns:
-
* struct external group
-
string "name"
-
string array "roles" - role
-
Method: createExternalGroupToSystemGroupMap
HTTP POST
Description:
Externally authenticated users may be members of external groups. You can use these groups to give access to server groups to the users when they log in. Can only be called by an org_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group. Must be unique.
-
string array groupNames - the names of the server groups to grant access to.
Returns:
-
* struct external group
-
string "name"
-
string array "groups" - roles
-
Method: deleteExternalGroupToRoleMap
HTTP POST
Description:
Delete the role map for an external group. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
Returns:
-
int - 1 on success, exception thrown otherwise.
Method: deleteExternalGroupToSystemGroupMap
HTTP POST
Description:
Delete the server group map for an external group. Can only be called by an org_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
Returns:
-
int - 1 on success, exception thrown otherwise.
Method: getDefaultOrg
HTTP GET
Description:
Get the default org that users should be added in if orgunit from IPA server isn’t found or is disabled. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
Returns:
-
int id - ID of the default organization. 0 if there is no default
Method: getExternalGroupToRoleMap
HTTP GET
Description:
Get a representation of the role mapping for an external group. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
Returns:
-
* struct external group
-
string "name"
-
string array "roles" - role
-
Method: getExternalGroupToSystemGroupMap
HTTP GET
Description:
Get a representation of the server group mapping for an external group. Can only be called by an org_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
Returns:
-
* struct external group
-
string "name"
-
string array "groups" - roles
-
Method: getKeepTemporaryRoles
HTTP GET
Description:
Get whether we should keeps roles assigned to users because of their IPA groups even after they log in through a non-IPA method. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
Returns:
-
boolean keep - True if we should keep roles after users log in through non-IPA method, false otherwise
Method: getUseOrgUnit
HTTP GET
Description:
Get whether we place users into the organization that corresponds to the "orgunit" set on the IPA server. The orgunit name must match exactly the #product() organization name. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
Returns:
-
boolean use - True if we should use the IPA orgunit to determine which organization to create the user in, false otherwise
Method: listExternalGroupToRoleMaps
HTTP GET
Description:
List role mappings for all known external groups. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
Returns:
-
array :
-
struct external group
-
string "name"
-
string array "roles" - role
-
Method: listExternalGroupToSystemGroupMaps
HTTP GET
Description:
List server group mappings for all known external groups. Can only be called by an org_admin.
Parameters:
-
string sessionKey
Returns:
-
array :
-
struct external group
-
string "name"
-
string array "groups" - roles
-
Method: setDefaultOrg
HTTP POST
Description:
Set the default org that users should be added in if orgunit from IPA server isn’t found or is disabled. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
-
int orgId - ID of the organization to set as the default org. 0 if there should not be a default organization.
Returns:
-
int - 1 on success, exception thrown otherwise.
Method: setExternalGroupRoles
HTTP POST
Description:
Update the roles for an external group. Replace previously set roles with the ones passed in here. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
-
string array roles - role - Can be any of: satellite_admin, org_admin (implies all other roles except for satellite_admin), channel_admin, config_admin, system_group_admin, or activation_key_admin.
Returns:
-
int - 1 on success, exception thrown otherwise.
Method: setExternalGroupSystemGroups
HTTP POST
Description:
Update the server groups for an external group. Replace previously set server groups with the ones passed in here. Can only be called by an org_admin.
Parameters:
-
string sessionKey
-
string name - Name of the external group.
-
string array groupNames - the names of the server groups to grant access to.
Returns:
-
int - 1 on success, exception thrown otherwise.
Method: setKeepTemporaryRoles
HTTP POST
Description:
Set whether we should keeps roles assigned to users because of their IPA groups even after they log in through a non-IPA method. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
-
boolean keepRoles - True if we should keep roles after users log in through non-IPA method, false otherwise.
Returns:
-
int - 1 on success, exception thrown otherwise.
Method: setUseOrgUnit
HTTP POST
Description:
Set whether we place users into the organization that corresponds to the "orgunit" set on the IPA server. The orgunit name must match exactly the #product() organization name. Can only be called by a #product() Administrator.
Parameters:
-
string sessionKey
-
boolean useOrgUnit - true if we should use the IPA orgunit to determine which organization to create the user in, false otherwise.
Returns:
-
int - 1 on success, exception thrown otherwise.