Admin REST APIs#

Overview#

Gluu Server 4.1.x offers REST APIs for the oxTrust Admin GUI. With the REST API, server configurations can be automated, new GUIs can be built to expose specific admin functionality, and other integrations can be created for the Gluu admin portal.

VM Installation instructions#

Add the REST API extension to an existing Gluu 4.1.x deployment by following these steps:

Inside the Gluu chroot, navigate to /custom/libs/.
In this folder, download the .jar file corresponding to the Gluu Server CE 4.1 version currently installed:
- 4.1.0.Final
Navigate to /opt/gluu/jetty/identity/webapps/.
Create a file called identity.xml if it does not already exist.

Add the following to identity.xml:

<?xml version="1.0"  encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="contextPath">/identity</Set>
  <Set name="war"><Property name="jetty.webapps" default="."/>/identity.war</Set>
  <Set name="extractWAR">true</Set>

  <Set name="extraClasspath">./custom/libs/[jarName].jar</Set>
</Configure>

On the second to last line, replace [jarName] with the name of the .jar file downloaded in step 2.
Restart the identity service.

Kubernetes and Docker instructions#

Overview#

The following sections are guides on how to access oxTrust API using within Gluu Server container deployment. See below oxTrust API docs for reference.

Prerequisites#

gluufederation/config-init:4.0.1_05 image (test mode client is introduced).
gluufederation/persistence:4.0.1_05 image (enable oxTrust API upon deployment).
gluufederation/oxauth:4.0.1_05 image.
gluufederation/oxtrust:4.0.1_05 image.

Available API Modes#

The oxTrust API has two modes that administrators can configure according to need.

Test Mode#

Note

Test mode is not recommended for production. Choose UMA mode instead.

Set environment variable GLUU_OXTRUST_API_ENABLED=true and GUU_OXTRUST_API_TEST_MODE=true when running gluufederation/persistence container to enable oxTrust API:

docker run \
    --rm \
    --name persistence \
    -e GLUU_CONFIG_CONSUL_HOST=consul \
    -e GLUU_SECRET_VAULT_HOST=vault \
    -e GLUU_PERSISTENCE_TYPE=ldap \
    -e GLUU_PERSISTENCE_LDAP_MAPPING=default \
    -e GLUU_LDAP_URL=ldap:1636 \
    -e GLUU_OXTRUST_API_ENABLED=true \
    -e GLUU_OXTRUST_API_TEST_MODE=true \
    -v $PWD/vault_role_id.txt:/etc/certs/vault_role_id \
    -v $PWD/vault_secret_id.txt:/etc/certs/vault_secret_id \
    gluufederation/persistence:4.1.0_01

If using kubernetes pygluu-kubernetes.pyz answer yes to both the following prompts:

Enable oxTrust Api         [N]?[Y/N]                               y
Enable oxTrust Test Mode [N]?[Y/N]                                 y

Alternatively, enable the features using oxTrust UI.

Navigate to Configuration > Manage Custom Scripts, Under UMA RPT Policies, select and enable the custom script named oxtrust_api_access_policy
Navigate to Configuration > JSON Configuration, select oxTrust Configuration tab Search for the field named oxTrustApiTestMode, set it to True and save the change.

Obtain Test mode client credentials from config and secret backends.
1. Grab api_test_client_id from config backend; in this example, we're getting 0008-b52a8524-35b2-4835-968e-481a366be8cd as its value. This is the client ID.
2. Grab api_test_client_secret from secret backend; in this example, we're getting TVtZwLZxp25XFDelMJNDQsa8 as its value. This is the client secret.

Get token from Gluu Server; in this example we're using https://demoexample.gluu.org.

curl -k -u '0008-b52a8524-35b2-4835-968e-481a366be8cd:TVtZwLZxp25XFDelMJNDQsa8' \
    https://demoexample.gluu.org/oxauth/restv1/token \
    -d grant_type=client_credentials

The response example:

{
    "access_token": "0d14102c-70e5-485c-8b64-e56f1ecfcf3e",
    "token_type": "bearer",
    "expires_in": 299
}

Extract the access_token value (in this case, 0d14102c-70e5-485c-8b64-e56f1ecfcf3e is the token).

Make request to oxTrust API endpoints:

curl -k -H 'Authorization: Bearer 0d14102c-70e5-485c-8b64-e56f1ecfcf3e' \
    https://demoexample.gluu.org/identity/restv1/api/v1/groups

If succeed, the output is similar to the following:

[
    {
        "status": "ACTIVE",
        "displayName": "Gluu Manager Group",
        "description": "This group is for administrative purpose, with full acces to users",
        "members": [
            "inum=04f0d0e9-a609-4a0a-9580-ebd981a49a61,ou=people,o=gluu"
        ],
        "inum": "60B7",
        "owner": null,
        "organization": null,
        "iname": null
    }
]

UMA Mode#

Set environment variable GLUU_OXTRUST_API_ENABLED=true when running gluufederation/persistence container to enable oxTrust API:

docker run \
    --rm \
    --name persistence \
    -e GLUU_CONFIG_CONSUL_HOST=consul \
    -e GLUU_SECRET_VAULT_HOST=vault \
    -e GLUU_PERSISTENCE_TYPE=ldap \
    -e GLUU_PERSISTENCE_LDAP_MAPPING=default \
    -e GLUU_LDAP_URL=ldap:1636 \
    -e GLUU_OXTRUST_API_ENABLED=true \
    -e GLUU_OXTRUST_API_TEST_MODE=false \
    -v $PWD/vault_role_id.txt:/etc/certs/vault_role_id \
    -v $PWD/vault_secret_id.txt:/etc/certs/vault_secret_id \
    gluufederation/persistence:4.1.0_01

If using kubernetes pygluu-kubernetes.pyz answer Y to enabling oxTrust API and N to enabling Test Mode.

Enable oxTrust Api         [N]?[Y/N]                               y
Enable oxTrust Test Mode [N]?[Y/N]                                 N

Alternatively, enable the features using oxTrust UI.

Navigate to Configuration > Manage Custom Scripts, Under UMA RPT Policies, select and enable the custom script named oxtrust_api_access_policy

Make request to oxTrust API (in this example, we're going to use https://demoexample.gluu.org URL), for example:
```
curl -k -I https://demoexample.gluu.org/identity/restv1/api/v1/groups
```
The request is rejected due to unauthenticated client and the response headers will be similar as the following:
```
HTTP/1.1 401 Unauthorized
WWW-Authenticate: UMA realm="Authorization required", host_id=demoexample.gluu.org, as_uri=https://demoexample.gluu.org/.well-known/uma2-configuration, ticket=ed5d9fa7-7117-4fc0-85c2-17a064448dc8
```
Extract the ticket from WWW-Authenticate header; in this example the ticket is ed5d9fa7-7117-4fc0-85c2-17a064448dc8.
Copy api-rp.jks and api-rp-keys.json from oxAuth container into host:
```
docker cp oxauth:/etc/certs/api-rp.jks api-rp.jks \
    && docker cp oxauth:/etc/certs/api-rp-keys.json api-rp-keys.json
```
In kubernetes get the oxauth pod name and use the following commands:

sh kubectl cp oxauth-acsacsd2123:etc/certs/api-rp.jks api-rp.jks \ && kubectl cp oxauth-acsacsd2123:etc/certs/api-rp-keys.json api-rp-keys.json

Determine algorithm for signing JWT string, i.e. RS256.

Here's an example of api-rp-keys.json contents:

{
    "keys": [
        {
            "kty": "RSA",
            "e": "AQAB",
            "use": "sig",
            "crv": "",
            "kid": "777c0619-802c-480d-9432-a5e25f85867a_sig_rs256",
            "x5c": ["MIIDAzCCAeugAwIBAgIgIoDkhKXYZG5/LDPoUEUBxLpvsUDwL+OEzkAMuMpglzLH6g9dDUyGVEh8iRg=="],
            "exp": 1606219942910,
            "alg": "RS256",
            "n": "r3LItabzy3Lg0SXf_6EZ1oANjyYQ_HCEj-r5cynyD7dnAQdXvkRLVMAby0EAoCaeEo_QkU79BCOY6o2w"
        }
    ]
}

Make sure alg value is RS256. Grab the kid value (in this example 777c0619-802c-480d-9432-a5e25f85867a_sig_rs256).

Grab keystore password from secret backend where key is api_rp_client_jks_pass. In this example, we're getting secret as its value.

Convert api-rp.jks to api-rp.pkcs12 (delete existing api-rp.pkcs12 file if any):

keytool -importkeystore \
    -srckeystore api-rp.jks \
    -srcstorepass secret  \
    -srckeypass secret \
    -srcalias 777c0619-802c-480d-9432-a5e25f85867a_sig_rs256 \
    -destalias 777c0619-802c-480d-9432-a5e25f85867a_sig_rs256 \
    -destkeystore api-rp.pkcs12 \
    -deststoretype PKCS12 \
    -deststorepass secret \
    -destkeypass secret

Extract public and private key pair from api-rp.pkcs12:

openssl pkcs12 -in api-rp.pkcs12 -nodes -out api-rp.pem -passin pass:secret

Here's an example of generated api-rp.pem:

Bag Attributes
    friendlyName: d405b162-fb5d-4e9f-81cd-4edcb0db486a_sig_rs256
    localKeyID: 54 69 6D 65 20 31 35 37 35 31 37 34 30 33 35 32 33 30
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCwvKNUOZxaOcRB
wwFtCJIqoqnaPYA0kfJEnnnm
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: d405b162-fb5d-4e9f-81cd-4edcb0db486a_sig_rs256
    localKeyID: 54 69 6D 65 20 31 35 37 35 31 37 34 30 33 35 32 33 30
subject=/CN=oxAuth CA Certificates
issuer=/CN=oxAuth CA Certificates
-----BEGIN CERTIFICATE-----
MIIDAzCCAeugAwIBAgIgAPS1X/1F5GFLp8xNYLbw9zs34TOwSd2Kz++dZHRijIkw
grfXl0CuwA==
-----END CERTIFICATE-----

Grab the string starts with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----. This is the private key.

Prepare data for generating JWT string.
1. Header
```
{
    "typ": "JWT",
    "alg": "RS256",
    "kid": "777c0619-802c-480d-9432-a5e25f85867a_sig_rs256"
}
```
2. Payload
  
  Grab client ID from config backend where key is oxtrust_requesting_party_client_id. In this example we're getting 0008-76f0b100-6d68-4f21-96ca-c6e49d30094b as its value.
```
{
    "iss": "0008-76f0b100-6d68-4f21-96ca-c6e49d30094b",
    "sub": "0008-76f0b100-6d68-4f21-96ca-c6e49d30094b",
    "exp": 1575185573,
    "iat": 1575181565,
    "jti": "2f1c50c6-0359-4913-b3f9-c17ca93a1b82",
    "aud": "https://demoexample.gluu.org/oxauth/restv1/token"
}
```
  Note:
  - iat value is time since epoch; we can use date +%s command to get a value
  - exp value is expiration since epoch; we can use date --date="1 hours" +%s
  - jti value must be unique; we can use uuidgen command to get a value
  - aud is the URL for getting the token
  - iss and sub are client ID
3. Private key (see previous section about extracting private key)
After header, payload, and private key are ready, generate JWT string using debugger or any of supported libraries. Save the JWT string, for example:
```
eyJhbGciOiJSUzI1NiIs.RiLZyW2yYdF4P0QD0oY9zjBfsFwFSpSCRUe.3WnaETMtAIPpXQhry6SYFR1tFv1t4XO14o1qVA
```

Grab token from https://demoexample.gluu.org/oxauth/restv1/token:

curl -k https://demoexample.gluu.org/oxauth/restv1/token \
    -d grant_type='urn:ietf:params:oauth:grant-type:uma-ticket' \
    -d ticket='ed5d9fa7-7117-4fc0-85c2-17a064448dc8'  \
    -d client_id='0008-76f0b100-6d68-4f21-96ca-c6e49d30094b' \
    -d client_assertion_type='urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
    -d client_assertion='eyJhbGciOiJSUzI1NiIs.RiLZyW2yYdF4P0QD0oY9zjBfsFwFSpSCRUe.3WnaETMtAIPpXQhry6SYFR1tFv1t4XO14o1qVA'
    -d scope=`oxtrust-api-read oxtrust-api-write`

The response example:

{
    "access_token": "d01cdc70-6519-4118-89bb-9ee1748acdd1_D8F4.E104.D094.6B62.79E0.6F8E.FB55.0509",
    "token_type": "Bearer",
    "upgraded": false,
    "pct": "0b598193-11cb-4926-9e4c-cc7c95e6ce37_CB14.8C6B.E2B2.46CD.53B2.CBEF.C50E.9FE9"
}

Extract value of access_token; in this case d01cdc70-6519-4118-89bb-9ee1748acdd1_D8F4.E104.D094.6B62.79E0.6F8E.FB55.0509.

Retry request to get groups (this time pass along the token in the request header):

curl -k -H 'Authorization: Bearer d01cdc70-6519-4118-89bb-9ee1748acdd1_D8F4.E104.D094.6B62.79E0.6F8E.FB55.0509' \
    https://demoexample.gluu.org/identity/restv1/api/v1/groups

If succeed, the output is similar to the following:

[
    {
        "status": "ACTIVE",
        "displayName": "Gluu Manager Group",
        "description": "This group is for administrative purpose, with full acces to users",
        "members": [
            "inum=04f0d0e9-a609-4a0a-9580-ebd981a49a61,ou=people,o=gluu"
        ],
        "inum": "60B7",
        "owner": null,
        "organization": null,
        "iname": null
    }
]

Reuse the token (as long as it still valid) to make any request to oxTrust API endpoints.

Available API modes#

The oxTrust API has two modes that administrators can configure according to need.

Test Mode#

Follow these steps to configure the test mode:

Move the oxTrust API jar to /opt/gluu/jetty/identity/custom/libs/.
Edit identity.xml as mentioned above
Restart the identity service
Log into Gluu Admin UI
Navigate to Configuration > Manage Custom Scripts
Under UMA RPT Policies, select and enable the custom script named oxtrust_api_access_policy
Save the custom script
Navigate to Configuration > JSON Configuration, select oxTrust Configuration tab
Search for the field named oxTrustApiTestMode, set it to True and save the change.
Add an OpenId Connect client for testing:
- Client Name: whatever you want
- Client secret: a memorable secret
- scopes: openid,permission
- grand types: client_credentials
- Response type: token
- NB: After pressing the save button, take note of the client ID generated and the secret. We need them for next step.

Run the command below from a terminal to request an access token from Gluu Server

curl -k -u 'testClientId:testClientSecert' -d grant_type=client_credentials https://yourhostname/oxauth/restv1/token

Use that accesss token as Bearer token when making api calls.

UMA Mode#

The UMA mode is the mode in which the API is protected by UMA. This is the recommended mode for production server.

Available Endpoints#

API	Description
addClientToUmaResource	Add client to an UMA resource
addGroupMember	Add a group member
addRadiusClient	Add a new RADIUS client
addScopeToClient	Add a scope to an OIDC client
addScopeToUmaResource	Add a scope to an UMA resource
create	Create a new configuration
createAttribute	Add a new attribute
createClient	Add a new OpenID Connect client
createCustomScript	Add a new custom script
createGroup	Add a new group
createPassportProvider	Add a new passport provider
createPerson	Add a new person
createScope	Add a new OpenID Connect scope
createSectorIdentifier	Add a new sector identifier
createUmaResource	Add a new UMA resource
createUmaScope	Add a new UMA scope
delete	Delete an existing configuration
deleteAllProviders	Delete all providers
deleteAllUmaScopes	Delete all UMA scopes
deleteAttribute	Delete an attribute
deleteAttributes	Delete all attributes
deleteClient	Delete an OpenID Connect client
deleteClientScopes	Delete the scopes in an OpenID Connect Client
deleteClients	Delete all clients
deleteCustomScript	Delete a custom script
deleteGroup	Delete a group
deleteGroupMembers	Delete the members of a group
deleteGroups	Delete all groups
deletePeople	Delete all people
deletePerson	Delete a person
deleteProvider	Delete a passport provider
deleteRadiusClient	Delete a RADIUS client
deleteScope	Delete an OpenID Connect scope
deleteScopes	Delete all OpenID Connect scopes
deleteSectorIdentifier	Delete a Sector Identifier
deleteUmaResource	Delete an UMA resource
deleteUmaScope	Delete an UMA scope
getAllActiveAttributes	Get all active attributes
getAllAttributes	Get all attributes
getAllInactiveAttributes	Get all inactive attributes
getAllScopes	Get all scopes
getAllSectorIdentifiers	Get all sector identifiers
getAttributeByInum	Get a specific attribute
getCasConfig	Get the existing configuration
getClientByInum	Get a specific OpenID Connect client
getClientScope	Get scopes assigned to an OpenID client
getConfiguration	Get Gluu configuration
getCurrentAuthentication	Get current authentication methods
getCustomScriptsByInum	Get specific custom scripts
getGroupByInum	Get a specific group
getGroupMembers	Get members of a specific group
getOxAuthJsonSettings	Get oxAuth JSON configuration settings
getOxtrustJsonSettings	Get oxTrust JSON configuration settings
getOxtrustSettings	get oxTrust configuration settings
getPassportBasicConfig	Get Passport's basic configuration
getPersonByInum	Get a specific person
getProviderById	Get a specific Passport provider
getRadiusClient	Get a specific RADIUS client
getScopeByInum	Get a specific OpenID Connect scope
getScopeClaims	List all claims for a scope
getSectorIdentifierById	Get a specific Sector Identifier
getServerConfig	Get RADIUS server configuration
getServerStatus	Get current server status
getSmtpServerConfiguration	Get SMTP server configuration
getUmaResourceById	Get a specific UMA resource
getUmaResourceClients	Get the clients for a specific UMA resource
getUmaResourceScopes	Get the scopes for a specific UMA resource
getUmaScopeByInum	Get a specific UMA scope
listCertificates	List descriptions of the Gluu Server's certificates
listClients	List all OpenID Connect clients
listCustomScripts	List all custom scripts
listCustomScriptsByType	List all person authentication scripts
listGroups	List all groups
listPeople	List all people
listProviders	List all Passport providers
listRadiusClients	List all RADIUS clients
listUmaResources	List all UMA resources
listUmaScopes	List UMA scopes
read	Get the existing configuration
removeClientToUmaResource	Remove a client from an UMA resource
removeGroupMember	Remove a member from a group
removeScopeToClient	Remove an existing scope from a client
removeScopeToUmaResource	Remove a scope from an UMA resource
searchAttributes	Search attributes
searchGroups	Search OpenID Connect clients
searchGroups1	Search groups
searchGroups2	Search person
searchScope	Search OpenID Connect scopes
searchSectorIdentifier	Search sector identifiers
searchUmaResources	Search UMA resources
searchUmaScopes	Search UMA scopes
status	Check the status of a configuration
status1	Check the status of an existing configuration
testSmtpConfiguration	Test the SMTP configuration
update	Update the configuration
update1	Update an existing configuration
updateAttribute	Update a new attribute
updateAuthenticationMethod	Update the authentication methods
updateClient	Update an OpenID Connect client
updateCustomScript	Update a custom script
updateGroup	Update a group
updateGroup1	Update a person
updateOxauthJsonSetting	Update an oxAuth JSON configuration setting
updateOxtrustJsonSetting	Update an oxTrust JSON configuration setting
updateOxtrustSetting	Update oxTrust settings
updatePassportBasicConfig	Update Passport basic configuration
updatePassportProvider	Update a Passport provider
updateRadiusClient	Update RADIUS client
updateScope	Update an OpenID Connect scope
updateSectorIdentifier	Update a sector identifier
updateServerConfiguration	Update the RADIUS server configuration
updateSmtpConfiguration	Update the SMTP configuration
updateUmaResource	Update an UMA Resource
updateUmaScope	Update an UMA scope

API References#

addClientToUmaResource#

URL

//api/v1/uma/resources/{id}/clients/{inum}

HTTP Method

POST

Response Type

UmaResource

Field	Data Type
`dn`	String
`inum`	String
`id`	String
`name`	String
`iconUri`	String
`scopes`	List
`scopeExpression`	String
`clients`	List
`resources`	List
`rev`	String
`creator`	String
`description`	String
`type`	String
`creationDate`	Date
`expirationDate`	Date
`deletable`	Boolean

Parameters

Location	Parameter Name	Input
Path	`id`	String
Path	`inum`	String

addGroupMember#

URL

//api/v1/groups/{inum}/members/{minum}

HTTP Method

POST

Response Type

String

Parameters

Location	Parameter Name	Input
Path	`inum`	String
Path	`minum`	String

addRadiusClient#

URL

//api/v1/radius/clients

HTTP Method

POST

Response Type

RadiusClient

Field	Data Type
`dn`	String
`inum`	String
`name`	String
`ipAddress`	String
`secret`	String
`priority`	Integer

Parameters

Location	Parameter Name	Input
Body		`RadiusClient(RadiusClient)`

addScopeToClient#

URL

//api/v1/clients/{inum}/scopes/{sinum}

HTTP Method

POST

Response Type

String

Parameters

Location	Parameter Name	Input
Path	`inum`	String
Path	`sinum`	String

addScopeToUmaResource#

URL

//api/v1/uma/resources/{id}/scopes/{inum}

HTTP Method

POST

Response Type

UmaResource

Field	Data Type
`dn`	String
`inum`	String
`id`	String
`name`	String
`iconUri`	String
`scopes`	List
`scopeExpression`	String
`clients`	List
`resources`	List
`rev`	String
`creator`	String
`description`	String
`type`	String
`creationDate`	Date
`expirationDate`	Date
`deletable`	Boolean

Parameters

Location	Parameter Name	Input
Path	`id`	String
Path	`inum`	String

create#

URL

//api/v1/configuration/ldap

HTTP Method

POST

Response Type

LdapConfigurationDTO

Field	Data Type
`configId`	String
`bindDN`	String
`bindPassword`	String
`servers`	List
`maxConnections`	Integer
`useSSL`	Boolean
`baseDNs`	List
`primaryKey`	String
`localPrimaryKey`	String
`useAnonymousBind`	Boolean
`enabled`	Boolean
`level`	Integer

Parameters

Location	Parameter Name	Input
Body		`LdapConfigurationDTO(LdapConfigurationDTO)`

createAttribute#

URL

//api/v1/attributes

HTTP Method

POST

Response Type

GluuAttribute

Field	Data Type	Options
`dn`	String
`selected`	Boolean
`inum`	String
`type`	String
`lifetime`	String
`sourceAttribute`	String
`salt`	String
`nameIdType`	String
`name`	String
`displayName`	String
`description`	String
`origin`	String
`dataType`	String	`string` `numeric` `boolean` `binary` `certificate` `generalizedTime`
`editType`	List
`viewType`	List
`usageType`	List
`oxAuthClaimName`	String
`seeAlso`	String
`status`	String	`active` `inactive` `expired` `register`
`saml1Uri`	String
`saml2Uri`	String
`urn`	String
`oxSCIMCustomAttribute`	Boolean
`oxMultivaluedAttribute`	Boolean
`custom`	Boolean
`requred`	Boolean
`attributeValidation`	AttributeValidation
`gluuTooltip`	String
`adminCanAccess`	Boolean
`adminCanView`	Boolean
`adminCanEdit`	Boolean
`userCanAccess`	Boolean
`userCanView`	Boolean
`whitePagesCanView`	Boolean
`userCanEdit`	Boolean
`baseDn`	String

Parameters

Location	Parameter Name	Input
Body		`GluuAttribute(GluuAttribute)`

createClient#

URL

//api/v1/clients

HTTP Method

POST

Response Type

OxAuthClient

Field	Data Type	Options
`dn`	String
`selected`	Boolean
`inum`	String
`iname`	String
`displayName`	String
`description`	String
`oxAuthAppType`	String	`web` `native`
`contacts`	List
`oxAuthRedirectURIs`	List
`oxAuthPostLogoutRedirectURIs`	List
`oxAuthScopes`	List
`oxAuthClaims`	List
`encodedClientSecret`	String
`userPassword`	String
`associatedPersons`	List
`oxAuthTrustedClient`	Boolean
`responseTypes`	List
`grantTypes`	List
`logoUri`	String
`clientUri`	String
`policyUri`	String
`tosUri`	String
`jwksUri`	String
`jwks`	String
`sectorIdentifierUri`	String
`subjectType`	String	`pairwise` `public`
`idTokenTokenBindingCnf`	String
`rptAsJwt`	Boolean
`accessTokenAsJwt`	Boolean
`accessTokenSigningAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`idTokenSignedResponseAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`idTokenEncryptedResponseAlg`	String	`RSA1_5` `RSA-OAEP` `A128KW` `A256KW`
`idTokenEncryptedResponseEnc`	String	`A128CBC+HS256` `A256CBC+HS512` `A128GCM` `A256GCM`
`userInfoSignedResponseAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`userInfoEncryptedResponseAlg`	String	`RSA1_5` `RSA-OAEP` `A128KW` `A256KW`
`userInfoEncryptedResponseEnc`	String	`A128CBC+HS256` `A256CBC+HS512` `A128GCM` `A256GCM`
`requestObjectSigningAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`requestObjectEncryptionAlg`	String	`RSA1_5` `RSA-OAEP` `A128KW` `A256KW`
`requestObjectEncryptionEnc`	String	`A128CBC+HS256` `A256CBC+HS512` `A128GCM` `A256GCM`
`tokenEndpointAuthMethod`	String	`client_secret_basic` `client_secret_post` `client_secret_jwt` `private_key_jwt` `none`
`tokenEndpointAuthSigningAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`defaultMaxAge`	Integer
`requireAuthTime`	Boolean
`postLogoutRedirectUris`	List
`claimRedirectURI`	List
`logoutUri`	List
`logoutSessionRequired`	Boolean
`oxAuthPersistClientAuthorizations`	Boolean
`oxIncludeClaimsInIdToken`	Boolean
`oxRefreshTokenLifetime`	Integer
`accessTokenLifetime`	Integer
`defaultAcrValues`	List
`initiateLoginUri`	String
`clientSecretExpiresAt`	Date
`requestUris`	List
`authorizedOrigins`	List
`softwareId`	String
`softwareVersion`	String
`softwareStatement`	String
`disabled`	Boolean
`oxdId`	String
`oxAuthClientSecret`	String
`attributes`	ClientAttributes
`baseDn`	String

Parameters

Location	Parameter Name	Input
Body		`OxAuthClient(OxAuthClient)`

createCustomScript#

URL

//api/v1/configuration/scripts

HTTP Method

POST

Response Type

CustomScript

Field	Data Type	Options
`dn`	String
`inum`	String
`name`	String
`aliases`	List
`description`	String
`script`	String
`scriptType`	String	`person_authentication` `introspection` `resource_owner_password_credentials` `application_session` `cache_refresh` `update_user` `user_registration` `client_registration` `id_generator` `uma_rpt_policy` `uma_claims_gathering` `consent_gathering` `dynamic_scope` `scim`
`programmingLanguage`	String	`python` `javascript`
`moduleProperties`	List
`configurationProperties`	List
`level`	Integer
`revision`	Long
`enabled`	Boolean
`scriptError`	ScriptError
`modified`	Boolean
`internal`	Boolean
`locationType`	String	`ldap` `file`
`locationPath`	String
`baseDn`	String

Parameters

Location	Parameter Name	Input
Body		`CustomScript(CustomScript)`

createGroup#

URL

//api/v1/groups

HTTP Method

POST

Response Type

GluuGroupApi

Field	Data Type	Options
`inum`	String
`iname`	String
`displayName`	String
`description`	String
`owner`	String
`members`	List
`organization`	String
`status`	String	`active` `inactive` `expired` `register`

Parameters

Location	Parameter Name	Input
Body		`GluuGroupApi(GluuGroupApi)`

createPassportProvider#

URL

//api/v1/passport/providers

HTTP Method

POST

Response Type

Provider

Field	Data Type
`id`	String
`displayName`	String
`type`	String
`mapping`	String
`passportStrategyId`	String
`enabled`	Boolean
`callbackUrl`	String
`requestForEmail`	Boolean
`emailLinkingSafe`	Boolean
`passportAuthnParams`	String
`options`	Map
`logo_img`	String

Parameters

Location	Parameter Name	Input
Body		`Provider(Provider)`

createPerson#

URL

//api/v1/users

HTTP Method

POST

Response Type

GluuPersonAPI

Field	Data Type	Options
`inum`	String
`iname`	String
`surName` String
`givenName`	String
`email`	String
`password`	String
`userName`	String
`displayName`	String
`creationDate`	Date
`status`	String	`active` `inactive` `expired` `register`

Parameters

Location	Parameter Name	Input
Body		`GluuPersonApi(GluuPersonApi)`

createScope#

URL

//api/v1/scopes

HTTP Method

POST

Response Type

Scope

Field	Data Type	Options
`dn`	String
`inum`	String
`displayName`	String
`id`	String
`iconUrl`	String
`description`	String
`scopeType`	String	`openid` `dynamic` `uma` `oauth`
`oxAuthClaims`	List
`defaultScope`	Boolean
`oxAuthGroupClaims`	Boolean
`dynamicScopeScripts`	List
`umaAuthorizationPolicies`	List
`umaType`	Boolean

Parameters

Location	Parameter Name	Input
Body		`Scope(Scope)`

createSectorIdentifier#

URL

//api/v1/sectoridentifiers

HTTP Method

POST

Response Type

OxAuthSectoryIdentifier

Field	Data Type
`dn`	String
`selected`	Boolean
`id`	String
`description`	String
`redirectUris`	List
`clientIds`	List
`loginUri`	String
`baseDn`	String

Parameters

Location	Parameter Name	Input
Body		`OxAuthSectorIdentifier(OxAuthSectorIdentifier)`

createUmaResource#

URL

//api/v1/uma/resources

HTTP Method

POST

Response Type

UmaResource

Field	Data Type
`dn`	String
`inum`	String
`id`	String
`name`	String
`iconUri`	String
`scopes`	List
`scopeExpression`	String
`clients`	List
`resources`	List
`rev`	String
`creator`	String
`description`	String
`type`	String
`creationDate`	Date
`expirationDate`	Date
`deletable`	Boolean

Parameters

Location	Parameter Name	Input
Body		`UmaResource(UmaResource)`

createUmaScope#

URL

//api/v1/uma/scopes

HTTP Method

POST

Response Type

Scope

Field	Data Type	Options
`dn`	String
`inum`	String
`displayName`	String
`id`	String
`iconUrl`	String
`description`	String
`scopeType`	String	`openid` `dynamic` `uma` `oauth`
`oxAuthClaims`	List
`defaultScope`	Boolean
`oxAuthGroupClaims`	Boolean
`dynamicScopeScripts`	List
`umaAuthorizationPolicies`	List
`umaType`	Boolean

Parameters

Location	Parameter Name	Input
Body		`Scope(Scope)`

delete#

URL

//api/v1/configuration/ldap/{name}

HTTP Method

DELETE

Response Type

String

Parameters

Location	Parameter Name	Input
Path	`name`	String

deleteAllProviders#

URL

//api/v1/passport/providers

HTTP Method

DELETE

Response Type

None

Parameters

None

deleteAllUmaScopes#

URL

//api/v1/uma/scopes

HTTP Method

DELETE

Response Type

None

Parameters

None

deleteAttribute#

URL

//api/v1/attributes/{inum}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`inum`	String

deleteAttributes#

URL

//api/v1/attributes

HTTP Method

DELETE

Response Type

None

Parameters

None

deleteClient#

URL

//api/v1/clients/{inum}

HTTP Method

DELETE

Response Type

String

Parameters

Location	Parameter Name	Input
Path	`inum`	String

deleteClientScopes#

URL

//api/v1/clients/{inum}/scopes

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`inum`	String

deleteClients#

URL

//api/v1/clients

HTTP Method

DELETE

Response Type

None

Parameters

None

deleteCustomScript#

URL

//api/v1/configuration/scripts/{inum}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`inum`	String

deleteGroup#

URL

//api/v1/groups/{inum}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`inum`	String

deleteGroupMembers#

URL

//api/v1/groups/{inum}/members

HTTP Method

DELETE

Response Type

None

Parameters

None

deleteGroups#

URL

//api/v1/groups

HTTP Method

DELETE

Response Type

None

Parameters

None

deletePeople#

URL

//api/v1/users

HTTP Method

DELETE

Response Type

None

Parameters

None

deletePerson#

URL

//api/v1/users/{inum}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`inum`	String

deleteProvider#

URL

//api/v1/passport/providers/{id}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`id`	String

deleteRadiusClient#

URL

//api/v1/radius/clients/{inum}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`inum`	String

deleteScope#

URL

//api/v1/scopes/{inum}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`inum`	String

deleteScopes#

URL

//api/v1/scopes

HTTP Method

DELETE

Response Type

None

Parameters

None

deleteSectorIdentifier#

URL

//api/v1/sectoridentifiers/{inum}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`inum`	String

deleteUmaResource#

URL

//api/v1/uma/resources/{id}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`id`	String

deleteUmaScope#

URL

//api/v1/uma/scopes/{inum}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getAllActiveAttributes#

URL

//api/v1/attributes/active

HTTP Method

GET

Response Type

String

Parameters

None

getAllAttributes#

URL

//api/v1/attributes

HTTP Method

GET

Response Type

String

Parameters

None

getAllInactiveAttributes#

URL

//api/v1/attributes/inactive

HTTP Method

GET

Response Type

String

Parameters

None

getAllScopes#

URL

//api/v1/scopes

HTTP Method

GET

Response Type

String

Parameters

None

getAllSectorIdentifiers#

URL

//api/v1/sectoridentifiers

HTTP Method

GET

Response Type

String

Parameters

None

getAttributeByInum#

URL

//api/v1/attributes/{inum}

HTTP Method

GET

Response Type

GluuAttribute

Field	Data Type	Options
`dn`	String
`selected`	Boolean
`inum`	String
`type`	String
`lifetime`	String
`sourceAttribute`	String
`salt`	String
`nameIdType`	String
`name`	String
`displayName`	String
`description`	String
`origin`	String
`dataType`	String	`string` `numeric` `boolean` `binary` `certificate` `generalizedTime`
`editType`	List
`viewType`	List
`usageType`	List
`oxAuthClaimName`	String
`seeAlso`	String
`status`	String	`active` `inactive` `expired` `register`
`saml1Uri`	String
`saml2Uri`	String
`urn`	String
`oxSCIMCustomAttribute`	Boolean
`oxMultivaluedAttribute`	Boolean
`custom`	Boolean
`requred`	Boolean
`attributeValidation`	AttributeValidation
`gluuTooltip`	String
`adminCanAccess`	Boolean
`adminCanView`	Boolean
`adminCanEdit`	Boolean
`userCanAccess`	Boolean
`userCanView`	Boolean
`whitePagesCanView`	Boolean
`userCanEdit`	Boolean
`baseDn` : String

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getCasConfig#

URL

//api/v1/configuration/cas

HTTP Method

GET

Response Type

CasProtocolDTO

Field	Data Type
`casBaseURL`	String
`shibbolethCASProtocolConfiguration`	`ShibbolethCASProtocolConfigurationDTO`

Parameters

None

getClientByInum#

URL

//api/v1/clients/{inum}

HTTP Method

GET

Response Type

OxAuthClient

Field	Data Type	Options
`dn`	String
`selected`	Boolean
`inum`	String
`iname`	String
`displayName`	String
`description`	String
`oxAuthAppType`	String	`web` `native`
`contacts`	List
`oxAuthRedirectURIs`	List
`oxAuthPostLogoutRedirectURIs`	List
`oxAuthScopes`	List
`oxAuthClaims`	List
`encodedClientSecret`	String
`userPassword`	String
`associatedPersons`	List
`oxAuthTrustedClient`	Boolean
`responseTypes`	List
`grantTypes`	List
`logoUri`	String
`clientUri`	String
`policyUri`	String
`tosUri`	String
`jwksUri`	String
`jwks`	String
`sectorIdentifierUri`	String
`subjectType`	String	`pairwise` `public`
`idTokenTokenBindingCnf`	String
`rptAsJwt`	Boolean
`accessTokenAsJwt`	Boolean
`accessTokenSigningAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`idTokenSignedResponseAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`idTokenEncryptedResponseAlg`	String	`RSA1_5` `RSA-OAEP` `A128KW` `A256KW`
`idTokenEncryptedResponseEnc`	String	`A128CBC+HS256` `A256CBC+HS512` `A128GCM` `A256GCM`
`userInfoSignedResponseAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`userInfoEncryptedResponseAlg`	String	`RSA1_5` `RSA-OAEP` `A128KW` `A256KW`
`userInfoEncryptedResponseEnc`	String	`A128CBC+HS256` `A256CBC+HS512` `A128GCM` `A256GCM`
`requestObjectSigningAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`requestObjectEncryptionAlg`	String	`RSA1_5` `RSA-OAEP` `A128KW` `A256KW`
`requestObjectEncryptionEnc`	String	`A128CBC+HS256` `A256CBC+HS512` `A128GCM` `A256GCM`
`tokenEndpointAuthMethod`	String	`client_secret_basic` `client_secret_post` `client_secret_jwt` `private_key_jwt` `none`
`tokenEndpointAuthSigningAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`defaultMaxAge`	Integer
`requireAuthTime`	Boolean
`postLogoutRedirectUris`	List
`claimRedirectURI`	List
`logoutUri`	List
`logoutSessionRequired`	Boolean
`oxAuthPersistClientAuthorizations`	Boolean
`oxIncludeClaimsInIdToken`	Boolean
`oxRefreshTokenLifetime`	Integer
`accessTokenLifetime`	Integer
`defaultAcrValues`	List
`initiateLoginUri`	String
`clientSecretExpiresAt`	Date
`requestUris`	List
`authorizedOrigins`	List
`softwareId`	String
`softwareVersion`	String
`softwareStatement`	String
`disabled`	Boolean
`oxdId`	String
`oxAuthClientSecret`	String
`attributes`	ClientAttributes
`baseDn`	String

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getClientScope#

URL

//api/v1/clients/{inum}/scopes

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getConfiguration#

URL

//api/v1/configuration

HTTP Method

GET

Response Type

GluuConfiguration

Field	Data Type	Options
`dn`	String
`inum`	String
`description`	String
`displayName`	String
`freeDiskSpace`	String
`freeMemory`	String
`freeSwap`	String
`groupCount`	String
`personCount`	String
`hostname`	String
`ipAddress`	String
`systemUptime`	String
`lastUpdate`	Date
`pollingInterval`	String
`status`	String	`active` `inactive` `expired` `register`
`userPassword`	String
`gluuHttpStatus`	String
`gluuDSStatus`	String
`gluuVDSStatus`	String
`gluuSPTR`	String
`sslExpiry`	String
`profileManagment`	Boolean
`manageIdentityPermission`	Boolean
`vdsCacheRefreshEnabled`	Boolean
`cacheRefreshServerIpAddress`	String
`vdsCacheRefreshPollingInterval`	String
`vdsCacheRefreshLastUpdate`	Date
`vdsCacheRefreshLastUpdateCount`	String
`vdsCacheRefreshProblemCount`	String
`scimEnabled`	Boolean
`passportEnabled`	Boolean
`contactEmail`	String
`smtpConfiguration`	SmtpConfiguration
`configurationDnsServer`	String
`maxLogSize`	Integer
`loadAvg`	String
`oxIDPAuthentication`	List
`authenticationMode`	String
`oxTrustAuthenticationMode`	String
`oxLogViewerConfig`	LogViewerConfig
`oxLogConfigLocation`	String
`passwordResetAllowed`	Boolean
`trustStoreConfiguration`	TrustStoreConfiguration
`trustStoreCertificates`	List
`cacheConfiguration`	CacheConfiguration
`baseDn`	String

Parameters

None

getCurrentAuthentication#

URL

//api/v1/acrs

HTTP Method

GET

Response Type

Field	Data Type
`defaultAcr`	String
`oxtrustAcr`	String

Parameters

None

getCustomScriptsByInum#

URL

//api/v1/configuration/scripts/{inum}

HTTP Method

GET

Response Type

CustomScript

Field	Data Type	Options
`dn`	String
`inum`	String
`name`	String
`aliases`	List
`description`	String
`script`	String
`scriptType`	String	`person_authentication` `introspection` `resource_owner_password_credentials` `application_session` `cache_refresh` `update_user` `user_registration` `client_registration` `id_generator` `uma_rpt_policy` `uma_claims_gathering` `consent_gathering` `dynamic_scope` `scim`
`programmingLanguage`	String	`python` `javascript`
`moduleProperties`	List
`configurationProperties`	List
`level`	Integer
`revision`	Long
`enabled`	Boolean
`scriptError`	ScriptError
`modified`	Boolean
`internal`	Boolean
`locationType`	String	`ldap` `file`
`locationPath`	String
`baseDn`	String

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getGroupByInum#

URL

//api/v1/groups/{inum}

HTTP Method

GET

Response Type

GluuGroupApi

Field	Data Type	Options
`inum`	String
`iname`	String
`displayName`	String
`description`	String
`owner`	String
`members`	List
`organization`	String
`status`	String	`active` `inactive` `expired` `register`

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getGroupMembers#

URL

//api/v1/groups/{inum}/members

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getOxAuthJsonSettings#

URL

//api/v1/configuration/oxauth/settings

HTTP Method

GET

Response Type

oxAuthJsonConfiguration

Field	Data Type
`issuer`	String
`baseEndpoint`	String
`authorizationEndpoint`	String
`tokenEndpoint`	String
`tokenRevocationEndpoint`	String
`userInfoEndpoint`	String
`clientInfoEndpoint`	String
`checkSessionIFrame`	String
`endSessionEndpoint`	String
`jwksUri`	String
`registrationEndpoint`	String
`openIdDiscoveryEndpoint`	String
`openIdConfigurationEndpoint`	String
`idGenerationEndpoint`	String
`introspectionEndpoint`	String
`umaConfigurationEndpoint`	String
`sectorIdentifierEndpoint`	String
`oxElevenGenerateKeyEndpoint`	String
`oxElevenSignEndpoint`	String
`oxElevenVerifySignatureEndpoint`	String
`oxElevenDeleteKeyEndpoint`	String
`oxElevenJwksEndpoint`	String
`openidSubAttribute`	String
`responseTypesSupported`	List
`grantTypesSupported`	List
`subjectTypesSupported`	List
`defaultSubjectType`	String
`userInfoSigningAlgValuesSupported`	List
`userInfoEncryptionAlgValuesSupported`	List
`userInfoEncryptionEncValuesSupported`	List
`idTokenSigningAlgValuesSupported`	List
`idTokenEncryptionAlgValuesSupported`	List
`idTokenEncryptionEncValuesSupported`	List
`requestObjectSigningAlgValuesSupported`	List
`requestObjectEncryptionAlgValuesSupported`	List
`requestObjectEncryptionEncValuesSupported`	List
`tokenEndpointAuthMethodsSupported`	List
`tokenEndpointAuthSigningAlgValuesSupported`	List
`dynamicRegistrationCustomAttributes`	List
`displayValuesSupported`	List
`claimTypesSupported`	List
`serviceDocumentation`	String
`claimsLocalesSupported`	List
`idTokenTokenBindingCnfValuesSupported`	List
`uiLocalesSupported`	List
`dynamicGrantTypeDefault`	List
`claimsParameterSupported`	Boolean
`requestParameterSupported`	Boolean
`requestUriParameterSupported`	Boolean
`requireRequestUriRegistration`	Boolean
`allowPostLogoutRedirectWithoutValidation`	Boolean
`introspectionAccessTokenMustHaveUmaProtectionScope`	Boolean
`opPolicyUri`	String
`opTosUri`	String
`authorizationCodeLifetime`	Integer
`refreshTokenLifetime`	Integer
`idTokenLifetime`	Integer
`accessTokenLifetime`	Integer
`umaResourceLifetime`	Integer
`sessionAsJwt`	Boolean
`umaRptLifetime`	Integer
`umaTicketLifetime`	Integer
`umaPctLifetime`	Integer
`umaAddScopesAutomatically`	Boolean
`umaValidateClaimToken`	Boolean
`umaGrantAccessIfNoPolicies`	Boolean
`umaRestrictResourceToAssociatedClient`	Boolean
`umaKeepClientDuringResourceSetRegistration`	Boolean
`umaRptAsJwt`	Boolean
`cleanServiceInterval`	Integer
`keyRegenerationEnabled`	Boolean
`keyRegenerationInterval`	Integer
`defaultSignatureAlgorithm`	String
`oxOpenIdConnectVersion`	String
`organizationInum`	String
`oxId`	String
`dynamicRegistrationEnabled`	Boolean
`dynamicRegistrationExpirationTime`	Integer
`dynamicRegistrationPersistClientAuthorizations`	Boolean
`trustedClientEnabled`	Boolean
`skipAuthorizationForOpenIdScopeAndPairwiseId`	Boolean
`dynamicRegistrationScopesParamEnabled`	Boolean
`dynamicRegistrationCustomObjectClass`	String
`personCustomObjectClassList`	List
`persistIdTokenInLdap`	Boolean
`persistRefreshTokenInLdap`	Boolean
`authenticationFiltersEnabled`	Boolean
`invalidateSessionCookiesAfterAuthorizationFlow`	Boolean
`clientAuthenticationFiltersEnabled`	Boolean
`authenticationFilters`	List
`clientAuthenticationFilters`	List
`configurationInum`	String
`sessionIdUnusedLifetime`	Integer
`sessionIdUnauthenticatedUnusedLifetime`	Integer
`sessionIdEnabled`	Boolean
`sessionIdPersistOnPromptNone`	Boolean
`sessionIdLifetime`	Integer
`configurationUpdateInterval`	Integer
`cssLocation`	String
`jsLocation`	String
`imgLocation`	String
`metricReporterInterval`	Integer
`metricReporterKeepDataDays`	Integer
`pairwiseIdType`	String
`pairwiseCalculationKey`	String
`pairwiseCalculationSalt`	String
`shareSubjectIdBetweenClientsWithSameSectorId`	Boolean
`webKeysStorage`	String
`dnName`	String
`keyStoreFile`	String
`keyStoreSecret`	String
`endSessionWithAccessToken`	Boolean
`clientWhiteList`	List
`clientBlackList`	List
`legacyIdTokenClaims`	Boolean
`customHeadersWithAuthorizationResponse`	Boolean
`frontChannelLogoutSessionSupported`	Boolean
`updateUserLastLogonTime`	Boolean
`updateClientAccessTime`	Boolean
`enableClientGrantTypeUpdate`	Boolean
`corsConfigurationFilters`	List
`logClientIdOnClientAuthentication`	Boolean
`logClientNameOnClientAuthentication`	Boolean
`httpLoggingEnabled`	Boolean
`httpLoggingExludePaths`	List
`externalLoggerConfiguration`	String
`authorizationRequestCustomAllowedParameters`	List
`legacyDynamicRegistrationScopeParam`	Boolean
`openidScopeBackwardCompatibility`	Boolean
`useCacheForAllImplicitFlowObjects`	Boolean
`disableU2fEndpoint`	Boolean
`authenticationProtectionConfiguration`	`AuthenticationProtectionConfiguration`
`fido2Configuration`	Fido2Configuration
`loggingLevel`	String
`errorHandlingMethod`	String

Parameters

None

getOxtrustJsonSettings#

URL

//api/v1/configuration/oxtrust/settings

HTTP Method

GET

Response Type

OxTrustJsonSetting

Field	Data Type
`orgName`	String
`supportEmail`	String
`scimTestMode`	Boolean
`authenticationRecaptchaEnabled`	Boolean
`enforceEmailUniqueness`	Boolean
`loggingLevel`	String
`passwordResetRequestExpirationTime`	Integer
`cleanServiceInterval`	Integer

Parameters

None

getOxtrustSettings#

URL

//api/v1/configuration/settings

HTTP Method

GET

Response Type

OxtrustSetting

Field	Data Type
`allowPasswordReset`	String
`enablePassport`	String
`enableScim`	String
`allowProfileManagement`	String

Parameters

None

getPassportBasicConfig#

URL

//api/v1/passport/config

HTTP Method

GET

Response Type

String

Parameters

None

getPersonByInum#

URL

//api/v1/users/{inum}

HTTP Method

GET

Response Type

GluuPersonAPI

Field	Data Type	Options
`inum`	String
`iname`	String
`surName` String
`givenName`	String
`email`	String
`password`	String
`userName`	String
`displayName`	String
`creationDate`	Date
`status`	String	`active` `inactive` `expired` `register`

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getProviderById#

URL

//api/v1/passport/providers/{id}

HTTP Method

GET

Response Type

Field	Data Type
`id`	String
`displayName`	String
`type`	String
`mapping`	String
`passportStrategyId`	String
`enabled`	Boolean
`callbackUrl`	String
`requestForEmail`	Boolean
`emailLinkingSafe`	Boolean
`passportAuthnParams`	String
`options`	Map
`logo_img`	String

Parameters

Location	Parameter Name	Input
Path	`id`	String

getRadiusClient#

URL

//api/v1/radius/clients/{inum}

HTTP Method

GET

Response Type

RadiusClient

Field	Data Type
`dn`	String
`inum`	String
`name`	String
`ipAddress`	String
`secret`	String
`priority`	Integer

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getScopeByInum#

URL

//api/v1/scopes/{inum}

HTTP Method

GET

Response Type

Scope

Field	Data Type	Options
`dn`	String
`inum`	String
`displayName`	String
`id`	String
`iconUrl`	String
`description`	String
`scopeType`	String	`openid` `dynamic` `uma` `oauth`
`oxAuthClaims`	List
`defaultScope`	Boolean
`oxAuthGroupClaims`	Boolean
`dynamicScopeScripts`	List
`umaAuthorizationPolicies`	List
`umaType`	Boolean

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getScopeClaims#

URL

//api/v1/scopes/{inum}/claims

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Path	`inum`	String

getSectorIdentifierById#

URL

//api/v1/sectoridentifiers/{id}

HTTP Method

GET

Response Type

OxAuthSectorIdentifier

Field	Data Type
`dn`	String
`selected`	Boolean
`id`	String
`description`	String
`redirectUris`	List
`clientIds`	List
`loginUri`	String
`baseDn`	String

Parameters

Location	Parameter Name	Input
Path	`id`	String

getServerConfig#

URL

//api/v1/radius/settings

HTTP Method

GET

Response Type

ServerConfiguration

Field	Data Type
`dn`	String
`listenInterface`	String
`authPort`	Integer
`acctPort`	Integer
`openidUsername`	String
`openidPassword`	String
`openidBaseUrl`	String
`acrValue`	String
`scopes`	List
`authenticationTimeout`	Integer

Parameters

None

getServerStatus#

URL

//api/v1/configuration/status

HTTP Method

GET

Response Type

Field	Data Type
`hostname`	String
`ipAddress`	String
`uptime`	String
`lastUpdate`	Date
`pollingInterval`	String
`personCount`	String
`groupCount`	String
`freeMemory`	String
`freeDiskSpace`	String

Parameters

None

getSmtpServerConfiguration#

URL

//api/v1/configuration/smtp

HTTP Method

GET

Response Type

SmtpConfiguration

Field	Data Type
`valid`	Boolean
`host`	String
`port`	Integer
`requires-ssl`	Boolean
`trust-host`	Boolean
`from-name`	String
`from-email-address`	String
`requires-authentication`	Boolean
`user-name`	String
`password`	String

Parameters

None

getUmaResourceById#

URL

//api/v1/uma/resources/{id}

HTTP Method

GET

Response Type

UmaResource

Field	Data Type
`dn`	String
`inum`	String
`id`	String
`name`	String
`iconUri`	String
`scopes`	List
`scopeExpression`	String
`clients`	List
`resources`	List
`rev`	String
`creator`	String
`description`	String
`type`	String
`creationDate`	Date
`expirationDate`	Date
`deletable`	Boolean

Parameters

Location	Parameter Name	Input
Path	`id`	String

getUmaResourceClients#

URL

//api/v1/uma/resources/{id}/clients

HTTP Method

GET

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`id`	String

getUmaResourceScopes#

URL

//api/v1/uma/resources/{id}/scopes

HTTP Method

GET

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`id`	String

getUmaScopeByInum#

URL

//api/v1/uma/scopes/{inum}

HTTP Method

GET

Response Type

Scope

Field	Data Type	Options
`dn`	String
`inum`	String
`displayName`	String
`id`	String
`iconUrl`	String
`description`	String
`scopeType`	String	`openid` `dynamic` `uma` `oauth`
`oxAuthClaims`	List
`defaultScope`	Boolean
`oxAuthGroupClaims`	Boolean
`dynamicScopeScripts`	List
`umaAuthorizationPolicies`	List
`umaType`	Boolean

Parameters

Location	Parameter Name	Input
Path	`inum`	String

listCertificates#

URL

//api/v1/certificates

HTTP Method

GET

Response Type

String

Parameters

None

listClients#

URL

//api/v1/clients

HTTP Method

GET

Response Type

String

Parameters

None

listCustomScripts#

URL

//api/v1/configuration/scripts

HTTP Method

GET

Response Type

String

Parameters

None

listCustomScriptsByType#

URL

//api/v1/configuration/scripts/type/{type}

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Path	`type`	String

listGroups#

URL

//api/v1/groups

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Query	`size`	Integer

listPeople#

URL

//api/v1/users

HTTP Method

GET

Response Type

String

Parameters

None

listProviders#

URL

//api/v1/passport/providers

HTTP Method

GET

Response Type

String

Parameters

None

listRadiusClients#

URL

//api/v1/radius/clients

HTTP Method

GET

Response Type

String

Parameters

None

listUmaResources#

URL

//api/v1/uma/resources

HTTP Method

GET

Response Type

String

Parameters

None

listUmaScopes#

URL

//api/v1/uma/scopes

HTTP Method

GET

Response Type

String

Parameters

None

read#

URL

//api/v1/configuration/ldap

HTTP Method

GET

Response Type

String

Parameters

None

removeClientToUmaResource#

URL

//api/v1/uma/resources/{id}/clients/{inum}

HTTP Method

DELETE

Response Type

UmaResource

Field	Data Type
`dn`	String
`inum`	String
`id`	String
`name`	String
`iconUri`	String
`scopes`	List
`scopeExpression`	String
`clients`	List
`resources`	List
`rev`	String
`creator`	String
`description`	String
`type`	String
`creationDate`	Date
`expirationDate`	Date
`deletable`	Boolean

Parameters

Location	Parameter Name	Input
Path	`id`	String
Path	`inum`	String

removeGroupMember#

URL

//api/v1/groups/{inum}/members/{minum}

HTTP Method

DELETE

Response Type

None

Parameters

Location	Parameter Name	Input
Path	`inum`	String
Path	`minum`	String

removeScopeToClient#

URL

//api/v1/clients/{inum}/scopes/{sinum}

HTTP Method

DELETE

Response Type

String

Parameters

Location	Parameter Name	Input
Path	`inum`	String
Path	`sinum`	String

removeScopeToUmaResource#

URL

//api/v1/uma/resources/{id}/scopes/{inum}

HTTP Method

DELETE

Response Type

UmaResource

Field	Data Type
`dn`	String
`inum`	String
`id`	String
`name`	String
`iconUri`	String
`scopes`	List
`scopeExpression`	String
`clients`	List
`resources`	List
`rev`	String
`creator`	String
`description`	String
`type`	String
`creationDate`	Date
`expirationDate`	Date
`deletable`	Boolean

Parameters

Location	Parameter Name	Input
Path	`id`	String
Path	`inum`	String

searchAttributes#

URL

//api/v1/attributes/search

HTTP Method

GET

Response Type

GluuAttribute

Field	Data Type	Options
`dn`	String
`selected`	Boolean
`inum`	String
`type`	String
`lifetime`	String
`sourceAttribute`	String
`salt`	String
`nameIdType`	String
`name`	String
`displayName`	String
`description`	String
`origin`	String
`dataType`	String	`string` `numeric` `boolean` `binary` `certificate` `generalizedTime`
`editType`	List
`viewType`	List
`usageType`	List
`oxAuthClaimName`	String
`seeAlso`	String
`status`	String	`active` `inactive` `expired` `register`
`saml1Uri`	String
`saml2Uri`	String
`urn`	String
`oxSCIMCustomAttribute`	Boolean
`oxMultivaluedAttribute`	Boolean
`custom`	Boolean
`requred`	Boolean
`attributeValidation`	AttributeValidation
`gluuTooltip`	String
`adminCanAccess`	Boolean
`adminCanView`	Boolean
`adminCanEdit`	Boolean
`userCanAccess`	Boolean
`userCanView`	Boolean
`whitePagesCanView`	Boolean
`userCanEdit`	Boolean
`baseDn` : String

Parameters

Location	Parameter Name	Input
Query	`pattern`	String
Query	`size`	Integer

searchGroups#

URL

//api/v1/clients/search

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Query	`pattern`	String
Query	`size`	Integer

searchGroups1#

URL

//api/v1/groups/search

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Query	`pattern`	String
Query	`size`	Integer

searchGroups2#

URL

//api/v1/users/search

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Query	`pattern`	String

searchScope#

URL

//api/v1/scopes/search

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Query	`pattern`	String
Query	`size`	Integer

searchSectorIdentifier#

URL

//api/v1/sectoridentifiers/search

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Query	`pattern`	String
Query	`size`	Integer

searchUmaResources#

URL

//api/v1/uma/resources/search

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Query	`pattern`	String
Query	`size`	Integer

searchUmaScopes#

URL

//api/v1/uma/scopes/search

HTTP Method

GET

Response Type

String

Parameters

Location	Parameter Name	Input
Query	`pattern`	String

status#

URL

//api/v1/configuration/ldap/status

HTTP Method

POST

Response Type

ConnectionStatusDTO

Field	Data Type
up	Boolean

Parameters

Location	Parameter Name	Input
Body		`LdapConnectionData(LdapConnectionData)`

status1#

URL

//api/v1/configuration/ldap/{name}/status

HTTP Method

GET

Response Type

ConnectionStatusDTO

Field	Data Type
up	Boolean

Parameters

Location	Parameter Name	Input
Path	`name`	String

testSmtpConfiguration#

URL

//api/v1/configuration/smtp/test

HTTP Method

GET

Response Type

SmtpConfiguration

Field	Data Type
`valid`	Boolean
`host`	String
`port`	Integer
`requires-ssl`	Boolean
`trust-host`	Boolean
`from-name`	String
`from-email-address`	String
`requires-authentication`	Boolean
`user-name`	String
`password`	String

Parameters

None

update#

URL

//api/v1/configuration/cas

HTTP Method

PUT

Response Type

CasProtocolDTO

Field	Data Type
`casBaseURL`	String
`shibbolethCASProtocolConfiguration`	`ShibbolethCASProtocolConfigurationDTO`

Parameters

Location	Parameter Name	Input
Body		`CasProtocolDTO(CasProtocolDTO)`

update1#

URL

//api/v1/configuration/ldap

HTTP Method

PUT

Response Type

LdapConfigurationDTO

Field	Data Type
`configId`	String
`bindDN`	String
`bindPassword`	String
`servers`	List
`maxConnections`	Integer
`useSSL`	Boolean
`baseDNs`	List
`primaryKey`	String
`localPrimaryKey`	String
`useAnonymousBind`	Boolean
`enabled`	Boolean
`level`	Integer

Parameters

Location	Parameter Name	Input
Body		`LdapConfigurationDTO(LdapConfiguraitonDTO)`

updateAttribute#

URL

//api/v1/attributes

HTTP Method

PUT

Response Type

GluuAttribute

Field	Data Type	Options
`dn`	String
`selected`	Boolean
`inum`	String
`type`	String
`lifetime`	String
`sourceAttribute`	String
`salt`	String
`nameIdType`	String
`name`	String
`displayName`	String
`description`	String
`origin`	String
`dataType`	String	`string` `numeric` `boolean` `binary` `certificate` `generalizedTime`
`editType`	List
`viewType`	List
`usageType`	List
`oxAuthClaimName`	String
`seeAlso`	String
`status`	String	`active` `inactive` `expired` `register`
`saml1Uri`	String
`saml2Uri`	String
`urn`	String
`oxSCIMCustomAttribute`	Boolean
`oxMultivaluedAttribute`	Boolean
`custom`	Boolean
`requred`	Boolean
`attributeValidation`	AttributeValidation
`gluuTooltip`	String
`adminCanAccess`	Boolean
`adminCanView`	Boolean
`adminCanEdit`	Boolean
`userCanAccess`	Boolean
`userCanView`	Boolean
`whitePagesCanView`	Boolean
`userCanEdit`	Boolean
`baseDn` : String

Parameters

Location	Parameter Name	Input
Body		`GluuAttribute(GluuAttribute)`

updateAuthenticationMethod#

URL

//api/v1/acrs

HTTP Method

PUT

Response Type

Field	Data Type
`defaultAcr`	String
`oxtrustAcr`	String

Parameters

Location	Parameter Name	Input
Body		`AuthenticationMethod(AuthenticationMethod)`

updateClient#

URL

//api/v1/clients

HTTP Method

PUT

Response Type

OxAuthClient

Field	Data Type	Options
`dn`	String
`selected`	Boolean
`inum`	String
`iname`	String
`displayName`	String
`description`	String
`oxAuthAppType`	String	`web` `native`
`contacts`	List
`oxAuthRedirectURIs`	List
`oxAuthPostLogoutRedirectURIs`	List
`oxAuthScopes`	List
`oxAuthClaims`	List
`encodedClientSecret`	String
`userPassword`	String
`associatedPersons`	List
`oxAuthTrustedClient`	Boolean
`responseTypes`	List
`grantTypes`	List
`logoUri`	String
`clientUri`	String
`policyUri`	String
`tosUri`	String
`jwksUri`	String
`jwks`	String
`sectorIdentifierUri`	String
`subjectType`	String	`pairwise` `public`
`idTokenTokenBindingCnf`	String
`rptAsJwt`	Boolean
`accessTokenAsJwt`	Boolean
`accessTokenSigningAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`idTokenSignedResponseAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`idTokenEncryptedResponseAlg`	String	`RSA1_5` `RSA-OAEP` `A128KW` `A256KW`
`idTokenEncryptedResponseEnc`	String	`A128CBC+HS256` `A256CBC+HS512` `A128GCM` `A256GCM`
`userInfoSignedResponseAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`userInfoEncryptedResponseAlg`	String	`RSA1_5` `RSA-OAEP` `A128KW` `A256KW`
`userInfoEncryptedResponseEnc`	String	`A128CBC+HS256` `A256CBC+HS512` `A128GCM` `A256GCM`
`requestObjectSigningAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`requestObjectEncryptionAlg`	String	`RSA1_5` `RSA-OAEP` `A128KW` `A256KW`
`requestObjectEncryptionEnc`	String	`A128CBC+HS256` `A256CBC+HS512` `A128GCM` `A256GCM`
`tokenEndpointAuthMethod`	String	`client_secret_basic` `client_secret_post` `client_secret_jwt` `private_key_jwt` `none`
`tokenEndpointAuthSigningAlg`	String	`none` `HS256` `HS384` `HS512` `RS256` `RS384` `RS512` `ES256` `ES384` `ES512`
`defaultMaxAge`	Integer
`requireAuthTime`	Boolean
`postLogoutRedirectUris`	List
`claimRedirectURI`	List
`logoutUri`	List
`logoutSessionRequired`	Boolean
`oxAuthPersistClientAuthorizations`	Boolean
`oxIncludeClaimsInIdToken`	Boolean
`oxRefreshTokenLifetime`	Integer
`accessTokenLifetime`	Integer
`defaultAcrValues`	List
`initiateLoginUri`	String
`clientSecretExpiresAt`	Date
`requestUris`	List
`authorizedOrigins`	List
`softwareId`	String
`softwareVersion`	String
`softwareStatement`	String
`disabled`	Boolean
`oxdId`	String
`oxAuthClientSecret`	String
`attributes`	ClientAttributes
`baseDn`	String

Parameters

Location	Parameter Name	Input
Body		`OxAuthClient(OxAuthClient)`

updateCustomScript#

URL

//api/v1/configuration/scripts

HTTP Method

PUT

Response Type

CustomScript

Field	Data Type	Options
`dn`	String
`inum`	String
`name`	String
`aliases`	List
`description`	String
`script`	String
`scriptType`	String	`person_authentication` `introspection` `resource_owner_password_credentials` `application_session` `cache_refresh` `update_user` `user_registration` `client_registration` `id_generator` `uma_rpt_policy` `uma_claims_gathering` `consent_gathering` `dynamic_scope` `scim`
`programmingLanguage`	String	`python` `javascript`
`moduleProperties`	List
`configurationProperties`	List
`level`	Integer
`revision`	Long
`enabled`	Boolean
`scriptError`	ScriptError
`modified`	Boolean
`internal`	Boolean
`locationType`	String	`ldap` `file`
`locationPath`	String
`baseDn`	String

Parameters

Location	Parameter Name	Input
Body		`CustomScript(CustomScript)`

updateGroup#

URL

//api/v1/groups

HTTP Method

PUT

Response Type

GluuGroupApi

Field	Data Type	Options
`inum`	String
`iname`	String
`displayName`	String
`description`	String
`owner`	String
`members`	List
`organization`	String
`status`	String	`active` `inactive` `expired` `register`

Parameters

Location	Parameter Name	Input
Body		`GluuPersonApi(GluuPersonApi)`

updateGroup1#

URL

//api/v1/users

HTTP Method

PUT

Response Type

Field	Data Type	Options
`inum`	String
`iname`	String
`surName`	String
`givenName`	String
`email`	String
`password`	String
`userName`	String
`displayName`	String
`creationDate`	Date
`status`	String	`active` `inactive` `expired` `register`

Parameters

Location	Parameter Name	Input
Body		`GluuPersonApi(GluuPersonApi)`

updateOxauthJsonSetting#

URL

//api/v1/configuration/oxauth/settings

HTTP Method

PUT

Response Type

oxAuthJsonConfiguration

Field	Data Type
`issuer`	String
`baseEndpoint`	String
`authorizationEndpoint`	String
`tokenEndpoint`	String
`tokenRevocationEndpoint`	String
`userInfoEndpoint`	String
`clientInfoEndpoint`	String
`checkSessionIFrame`	String
`endSessionEndpoint`	String
`jwksUri`	String
`registrationEndpoint`	String
`openIdDiscoveryEndpoint`	String
`openIdConfigurationEndpoint`	String
`idGenerationEndpoint`	String
`introspectionEndpoint`	String
`umaConfigurationEndpoint`	String
`sectorIdentifierEndpoint`	String
`oxElevenGenerateKeyEndpoint`	String
`oxElevenSignEndpoint`	String
`oxElevenVerifySignatureEndpoint`	String
`oxElevenDeleteKeyEndpoint`	String
`oxElevenJwksEndpoint`	String
`openidSubAttribute`	String
`responseTypesSupported`	List
`grantTypesSupported`	List
`subjectTypesSupported`	List
`defaultSubjectType`	String
`userInfoSigningAlgValuesSupported`	List
`userInfoEncryptionAlgValuesSupported`	List
`userInfoEncryptionEncValuesSupported`	List
`idTokenSigningAlgValuesSupported`	List
`idTokenEncryptionAlgValuesSupported`	List
`idTokenEncryptionEncValuesSupported`	List
`requestObjectSigningAlgValuesSupported`	List
`requestObjectEncryptionAlgValuesSupported`	List
`requestObjectEncryptionEncValuesSupported`	List
`tokenEndpointAuthMethodsSupported`	List
`tokenEndpointAuthSigningAlgValuesSupported`	List
`dynamicRegistrationCustomAttributes`	List
`displayValuesSupported`	List
`claimTypesSupported`	List
`serviceDocumentation`	String
`claimsLocalesSupported`	List
`idTokenTokenBindingCnfValuesSupported`	List
`uiLocalesSupported`	List
`dynamicGrantTypeDefault`	List
`claimsParameterSupported`	Boolean
`requestParameterSupported`	Boolean
`requestUriParameterSupported`	Boolean
`requireRequestUriRegistration`	Boolean
`allowPostLogoutRedirectWithoutValidation`	Boolean
`introspectionAccessTokenMustHaveUmaProtectionScope`	Boolean
`opPolicyUri`	String
`opTosUri`	String
`authorizationCodeLifetime`	Integer
`refreshTokenLifetime`	Integer
`idTokenLifetime`	Integer
`accessTokenLifetime`	Integer
`umaResourceLifetime`	Integer
`sessionAsJwt`	Boolean
`umaRptLifetime`	Integer
`umaTicketLifetime`	Integer
`umaPctLifetime`	Integer
`umaAddScopesAutomatically`	Boolean
`umaValidateClaimToken`	Boolean
`umaGrantAccessIfNoPolicies`	Boolean
`umaRestrictResourceToAssociatedClient`	Boolean
`umaKeepClientDuringResourceSetRegistration`	Boolean
`umaRptAsJwt`	Boolean
`cleanServiceInterval`	Integer
`keyRegenerationEnabled`	Boolean
`keyRegenerationInterval`	Integer
`defaultSignatureAlgorithm`	String
`oxOpenIdConnectVersion`	String
`organizationInum`	String
`oxId`	String
`dynamicRegistrationEnabled`	Boolean
`dynamicRegistrationExpirationTime`	Integer
`dynamicRegistrationPersistClientAuthorizations`	Boolean
`trustedClientEnabled`	Boolean
`skipAuthorizationForOpenIdScopeAndPairwiseId`	Boolean
`dynamicRegistrationScopesParamEnabled`	Boolean
`dynamicRegistrationCustomObjectClass`	String
`personCustomObjectClassList`	List
`persistIdTokenInLdap`	Boolean
`persistRefreshTokenInLdap`	Boolean
`authenticationFiltersEnabled`	Boolean
`invalidateSessionCookiesAfterAuthorizationFlow`	Boolean
`clientAuthenticationFiltersEnabled`	Boolean
`authenticationFilters`	List
`clientAuthenticationFilters`	List
`configurationInum`	String
`sessionIdUnusedLifetime`	Integer
`sessionIdUnauthenticatedUnusedLifetime`	Integer
`sessionIdEnabled`	Boolean
`sessionIdPersistOnPromptNone`	Boolean
`sessionIdLifetime`	Integer
`configurationUpdateInterval`	Integer
`cssLocation`	String
`jsLocation`	String
`imgLocation`	String
`metricReporterInterval`	Integer
`metricReporterKeepDataDays`	Integer
`pairwiseIdType`	String
`pairwiseCalculationKey`	String
`pairwiseCalculationSalt`	String
`shareSubjectIdBetweenClientsWithSameSectorId`	Boolean
`webKeysStorage`	String
`dnName`	String
`keyStoreFile`	String
`keyStoreSecret`	String
`endSessionWithAccessToken`	Boolean
`clientWhiteList`	List
`clientBlackList`	List
`legacyIdTokenClaims`	Boolean
`customHeadersWithAuthorizationResponse`	Boolean
`frontChannelLogoutSessionSupported`	Boolean
`updateUserLastLogonTime`	Boolean
`updateClientAccessTime`	Boolean
`enableClientGrantTypeUpdate`	Boolean
`corsConfigurationFilters`	List
`logClientIdOnClientAuthentication`	Boolean
`logClientNameOnClientAuthentication`	Boolean
`httpLoggingEnabled`	Boolean
`httpLoggingExludePaths`	List
`externalLoggerConfiguration`	String
`authorizationRequestCustomAllowedParameters`	List
`legacyDynamicRegistrationScopeParam`	Boolean
`openidScopeBackwardCompatibility`	Boolean
`useCacheForAllImplicitFlowObjects`	Boolean
`disableU2fEndpoint`	Boolean
`authenticationProtectionConfiguration`	`AuthenticationProtectionConfiguration`
`fido2Configuration`	Fido2Configuration
`loggingLevel`	String
`errorHandlingMethod`	String

Parameters

Location	Parameter Name	Input
Body		`OxAuthJsonConfiguration(OxAuthJsonConfiguration)`

updateOxtrustJsonSetting#

URL

//api/v1/configuration/oxtrust/settings

HTTP Method

PUT

Response Type

OxTrustJsonSetting

Field	Data Type
`orgName`	String
`supportEmail`	String
`scimTestMode`	Boolean
`authenticationRecaptchaEnabled`	Boolean
`enforceEmailUniqueness`	Boolean
`loggingLevel`	String
`passwordResetRequestExpirationTime`	Integer
`cleanServiceInterval`	Integer

Parameters

Location	Parameter Name	Input
Body		`OxTrustJsonSetting(OxTrustJsonSetting)`

updateOxtrustSetting#

URL

//api/v1/configuration/settings

HTTP Method

PUT

Response Type

OxtrustSetting

Field	Data Type
`allowPasswordReset`	String
`enablePassport`	String
`enableScim`	String
`allowProfileManagement`	String

Parameters

Location	Parameter Name	Input
Body		`OxtrustSetting(OxtrustSetting)`

updatePassportBasicConfig#

URL

//api/v1/passport/config

HTTP Method

PUT

Response Type

String

Parameters

Location	Parameter Name	Input
Body		`Configuration(Configuration)`

updatePassportProvider#

URL

//api/v1/passport/providers

HTTP Method

PUT

Response Type

Provider

Field	Data Type
`id`	String
`displayName`	String
`type`	String
`mapping`	String
`passportStrategyId`	String
`enabled`	Boolean
`callbackUrl`	String
`requestForEmail`	Boolean
`emailLinkingSafe`	Boolean
`passportAuthnParams`	String
`options`	Map
`logo_img`	String

Parameters

Location	Parameter Name	Input
Body		Provider(Provider)

updateRadiusClient#

URL

//api/v1/radius/clients

HTTP Method

PUT

Response Type

RadiusClient

Field	Data Type
`dn`	String
`inum`	String
`name`	String
`ipAddress`	String
`secret`	String
`priority`	Integer

Parameters

Location	Parameter Name	Input
Body		`RadiusClient(RadiusClient)`

updateScope#

URL

//api/v1/scopes

HTTP Method

PUT

Response Type

Scope

Field	Data Type	Options
`dn`	String
`inum`	String
`displayName`	String
`id`	String
`iconUrl`	String
`description`	String
`scopeType`	String	`openid` `dynamic` `uma` `oauth`
`oxAuthClaims`	List
`defaultScope`	Boolean
`oxAuthGroupClaims`	Boolean
`dynamicScopeScripts`	List
`umaAuthorizationPolicies`	List
`umaType`	Boolean

Parameters

Location	Parameter Name	Input
Body		`Scope(Scope)`

updateSectorIdentifier#

URL

//api/v1/sectoridentifiers

HTTP Method

PUT

Response Type

OxAuthSectorIdentifier

Field	Data Type
`dn`	String
`selected`	Boolean
`id`	String
`description`	String
`redirectUris`	List
`clientIds`	List
`loginUri`	String
`baseDn`	String

Parameters

Location	Parameter Name	Input
Body		`OxAuthSectorIdentifier(OxAuthSectorIdentifier)`

updateServerConfiguration#

URL

//api/v1/radius/settings

HTTP Method

PUT

Response Type

ServerConfiguration

Field	Data Type
`dn`	String
`listenInterface`	String
`authPort`	Integer
`acctPort`	Integer
`openidUsername`	String
`openidPassword`	String
`openidBaseUrl`	String
`acrValue`	String
`scopes`	List
`authenticationTimeout`	Integer

Parameters

Location	Parameter Name	Input
Body		`ServerConfiguration(ServerConfiguration)`

updateSmtpConfiguration#

URL

//api/v1/configuration/smtp

HTTP Method

PUT

Response Type

SmtpConfiguration

Field	Data Type
`valid`	Boolean
`host`	String
`port`	Integer
`requires-ssl`	Boolean
`trust-host`	Boolean
`from-name`	String
`from-email-address`	String
`requires-authentication`	Boolean
`user-name`	String
`password`	String

Parameters

Location	Parameter Name	Input
Body		`SmtpConfiguration(SmtpConfiguration)`

updateUmaResource#

URL

//api/v1/uma/resources

HTTP Method

PUT

Response Type

UmaResource

Field	Data Type
`dn`	String
`inum`	String
`id`	String
`name`	String
`iconUri`	String
`scopes`	List
`scopeExpression`	String
`clients`	List
`resources`	List
`rev`	String
`creator`	String
`description`	String
`type`	String
`creationDate`	Date
`expirationDate`	Date
`deletable`	Boolean

Parameters

Location	Parameter Name	Input
Body		`UmaResource(UmaResource)`

updateUmaScope#

URL

//api/v1/uma/scopes

HTTP Method

PUT

Response Type

Scope

Field	Data Type	Options
`dn`	String
`inum`	String
`displayName`	String
`id`	String
`iconUrl`	String
`description`	String
`scopeType`	String	`openid` `dynamic` `uma` `oauth`
`oxAuthClaims`	List
`defaultScope`	Boolean
`oxAuthGroupClaims`	Boolean
`dynamicScopeScripts`	List
`umaAuthorizationPolicies`	List
`umaType`	Boolean

Parameters

Location	Parameter Name	Input
Body		`Scope(Scope)`

License#

Gluu oxTrust APIs are made available under the Apache License 2.0.