Reserved Attributes
"id" is a reserved attribute referring to the internal id of an object.
Intrinsic Attributes
Each object has a set of intrinsic attributes that are predefined by the system.
User Defined Attributes
Every object may contain a set of user defined attributes.
Attribute Name should NOT contain whitespace, dash and special characters, but may contain underscore. Attribute Name is case sensitive.
Attribute can be a basic data type, an object or a collection. An attribute can be referenced in the format of "objectName.attributeName". Following are some examples:
- user.id user's ID
- user.domain.id user's domain ID
- role.scopes.domain.id an array of role's domain ID
- policy.options an array of policy options
Attribute Properties
Property |
Type |
values |
default |
mandate |
name |
string |
|
|
true |
description |
string |
|
|
|
type |
string |
STRING |
STRING |
|
tags |
string |
|
|
|
external |
boolean |
|
true |
|
multiple |
boolean |
|
false |
|
readOnly |
boolean |
|
false |
|
required |
boolean |
|
true |
|
encrypted |
boolean |
|
false |
|
searchable |
boolean |
|
true |
|
system |
boolean |
|
false |
|
mapsTo |
string |
|
|
|
defaultValue |
string |
|
|
|
immutable |
boolean |
|
false |
|
intrinsic |
boolean |
|
|
|
label |
string |
|
|
|
comment |
string |
|
|
|
Available attribute types:
STRING, TEXT, BINARY, BOOLEAN, INTEGER, LONG, DOUBLE, FLOAT, DATE, ENUM, PASSWORD, EMAIL, TELEPHONE, URL, OBJECT, COLLECTION
Notes:
- An attribute must belong to an object. Therefore, every Attribute API must specify the Object's Name.
- Intrinsic attributes cannot be deleted.
/attribute/create
To create an attribute. On success, the method returns the internal id of the newly created attribute .
Example: to create an Identity Attribute (aka, User Attribute)
Parameters:
{
"objectName":"user"
"attrs":
{
"identitySource.id":the id of the owner Identity Source,
"name":attribute name,
"type":data type of the attribute
"external":true/false
…
"mapsTo":mapping nameif external
"defaultValue":default value if internal
}
}
Response: {"error":0,"result":{"id":2}}
/attribute/delete
To delete an identity attribute. On success, the method returns error 0 with no result.
Example: to delete an identity attribute.
Parameters:
{
"objectName":"user",
"id":the id of the attribute to be deleted
}
Response:
{
"error":0,
}
/attribute/set
To change an identity attribute's properties. On success, the method returns error 0 with no result.
Example: to set an identity attribute's properties.
Parameters:
{
"objectName":"user",
"id":the id of the attribute to be deleted
"attrs":
{
"name":to change the name
"type":data type of the attribute
"external":true/false
…
"mapsTo":mapping name if external
"defaultValue":default value if internal
}
}
Response:
{
"error":0,
}
/attribute/get
To retrieve an attribute's properties. On success, the method returns the set of properties
Example: to retrieve an identity attribute's properties.
Parameters:
{
"match":
{
["objectName","=", "user"],
["identitySource.id", "=","Identity Source id"],
["name", "=","the name of the attribute to be retrieved"]
},
"return":["*"],
}
Response:
{
"error":0,
"result":
{
"name":attribute name
"type":data type of the attribute
"external":true/false
…
"mapsTo":mapping nameif external
"defaultValue":default value if internal
}
}
/attribute/search
To retrieve a list of attributes of a specified object.
Example: to retrieve a list of identity attributes.
Parameters:
{
"match":
{
["objectName","=", "user"],
["identitySource.id", "=","Identity Source id"]
},
"return":["name", "type"],
"sort":"name",
"order":"asc",
}
Response:
{
"error":0,
"result":
[
{
"name":attribute name
"type":data type of the attribute
},
{
"name":attribute name
"type":data type of the attribute
}
]
}