skip to main content
Administering Hybrid Data Pipeline : Authentication : Integrating external authentication with a Java plugin : Provisioning end users to authenticate with an external authentication service (Java authentication plugin)
  

Try Now
Provisioning end users to authenticate with an external authentication service (Java authentication plugin)
After the Java plugin external authentication service has been registered, end users can be provisioned to authenticate via the external authentication service. In this scenario, the Users API must be used to create or modify user accounts. The example below involves a basic operation that creates a user account that authenticates with an external service. However, more advanced operations are supported. See Advanced functionality for authentication services for details.

POST operation

The POST operation will have the following syntax.
POST https://<myserver>:<port>/api/admin/users

Payload definition

The payload used to create a user can be defined as follows.
{
"userName": "user_name",
"tenantId": tenant_id,
"statusInfo": {status_information},
"passwordInfo": {password_information},
"permissions": {permissions},
"authenticationInfo": {authentication_information}
}
Property
Description
Usage
Valid Values
"userName"
The name of the user account.
Required
The maximum length is 128 characters.
"tenantId"
The ID of the tenant to which the user belongs.
Optional
A valid tenant ID.
Note: When tenantId is not specified, the user is created in the tenant in which the administrator executing the operation resides.
"statusInfo"
The status of the user account defined by the status property and additional properties associated with an account lockout policy.
Required
See statusInfo Object for details.
"passwordInfo"
Password information associated with the user account defined by the password, passwordStatus, and passwordExpiration properties.
Optional
See passwordInfo Object for details.
"permissions"
Permissions associated with the user account in terms of the role(s) and permissions set explicitly on the account. User account permissions are the sum of the permissions on associated role(s) and permissions set explicitly on the account. A user account may only be assigned roles in their tenant.
Optional
See permissions Object for details.
"authenticationInfo"
Authentication information associated with the user account as defined by the authUserName and authServiceId properties. The authenticationInfo object does not need to be included in a request payload when the default internal authentication service is being used. When an external authentication service is being used, authenticationInfo must be included in the request payload. If authenticationInfo is not passed, a default authenticationInfo object is created where the userName of the account object is used as the authUserName and the authServiceId specifies the ID of the internal authentication service (1).
Optional
See authenticationInfo Object for details.

Example

The following POST operation creates a user account using an external authentication service. Here the end user (user_external) authenticates via a Java plugin external authentication service ("authServiceId": 43). This end user inherits all the attributes associated with the testuser account.
POST https://MyServer:8443/api/admin/users
Request payload
{
"userName": "testuser",
"tenantId": 1,
"statusInfo": {
"status": 1,
"accountLocked": false
},
"passwordInfo": {
"passwordStatus": 1,
"passwordExpiration": "2020-01-01 00:00:00"
},
"permissions": {
"roles": [
2
]
},
"authenticationInfo": {
"authUsers": [
{
"authUserName": "user_external",
"authServiceId": 43
}
]
}
}
Request payload
Status code: 201
Successful response
{
"id": 4,
"userName": "testuser",
"tenantId": 1,
"statusInfo": {
"status": 1,
"accountLocked": false
},
"passwordInfo": {
"passwordStatus": 1,
"passwordExpiration": "2020-01-01 00:00:00"
},
"permissions": {
"roles": [
2
]
},
"authenticationInfo": {
"authUsers": [
{
"authUserName": "user_external",
"authServiceId": 43
}
]
}
}