{ "openapi" : "3.0.0", "info" : { "contact" : { "email" : "suppport@boschrexroth.com", "name" : "Bosch Rexroth AG", "url" : "https://www.boschrexroth.com" }, "description" : "This is an API for the identity management on ctrX devices.", "title" : "ctrlX OS - Authorization and Authentication API", "version" : "2.10.0" }, "servers" : [ { "description" : "Use this, if this page and the api are on the same server", "url" : "/identity-manager/api/v2" }, { "url" : "https://{host}/identity-manager/api/{version}", "variables" : { "host" : { "default" : "localhost" }, "version" : { "default" : "v2", "description" : "The version of the API", "enum" : [ "v2" ] } } } ], "security" : [ { "BearerAuth" : [ ] }, { "UsernamePassword" : [ ] }, { "CookieAuth" : [ ] } ], "tags" : [ { "name" : "Settings" }, { "name" : "Session Management" }, { "name" : "Authentication" }, { "name" : "User Management" }, { "name" : "Policies" }, { "name" : "Group Management" }, { "name" : "Scope Management" }, { "name" : "Provided Scopes" }, { "name" : "Requested Scopes" }, { "name" : "LoginLockedStatus" }, { "name" : "Remote Auth Management" }, { "description" : "Manage settings that belong to a specific user", "name" : "User-specific Settings" }, { "description" : "Manage settings of roles", "name" : "Role Management" }, { "description" : "Used for initial setup of the user management", "name" : "Setup" } ], "paths" : { "/settings/easyserviceaccess" : { "get" : { "description" : "Get easy service access settings.", "operationId" : "getEasyServiceAccessSettings", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/EasyServiceAccessSettings" } } }, "description" : "OK" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get easy service access settings.", "tags" : [ "Settings" ] }, "put" : { "description" : "Update easy service access settings.", "operationId" : "updateEasyServiceAccessSettings", "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/EasyServiceAccessSettings" } } }, "description" : "The easy service access settings.", "required" : true }, "responses" : { "204" : { "description" : "OK, easy service access settings saved" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update easy service access settings.", "tags" : [ "Settings" ] } }, "/settings/loginbanner" : { "get" : { "description" : "Get the login banner that is shown with the login screen.", "operationId" : "getLoginBanner", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/LoginBanner" } } }, "description" : "OK" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "security" : [ ], "summary" : "Get the login banner that is shown with the login screen.", "tags" : [ "Settings" ] }, "put" : { "description" : "Set the login banner that is shown with the login screen.", "operationId" : "setLoginBanner", "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/LoginBanner" } } }, "description" : "The new login banner text.", "required" : true }, "responses" : { "204" : { "description" : "OK, new banner saved" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Set the login banner that is shown with the login screen.", "tags" : [ "Settings" ] } }, "/settings/session" : { "get" : { "description" : "get all Session-related settings object", "operationId" : "getSessionSettings", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/SessionSettings" } } }, "description" : "OK" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get session-related settings", "tags" : [ "Settings" ] }, "put" : { "description" : "Set session default settings", "operationId" : "putSessionSettings", "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/SessionSettings" } } }, "description" : "Object with all Session-related Settings", "required" : true }, "responses" : { "204" : { "description" : "OK, settings saved" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Set session settings", "tags" : [ "Settings" ] } }, "/sessions" : { "get" : { "description" : "Get session-sbject srray (sessions-summary)", "operationId" : "getSessions", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "items" : { "$ref" : "#/components/schemas/Session" }, "type" : "array" } } }, "description" : "OK" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get all open Sessions", "tags" : [ "Session Management" ] } }, "/sessions/{id}" : { "delete" : { "description" : "Close Session via Session-ID", "operationId" : "deleteSession", "parameters" : [ { "description" : "Session ID", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "204" : { "description" : "OK, Session closed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Close session via session ID", "tags" : [ "Session Management" ] }, "get" : { "description" : "Get details of session with given ID", "operationId" : "getSession", "parameters" : [ { "description" : "Session ID", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Session" } } }, "description" : "OK, Session Details in content" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get session with session ID", "tags" : [ "Session Management" ] } }, "/auth/token" : { "delete" : { "description" : "Destroys the authentication token of the currently logged in user.", "operationId" : "destroyToken", "responses" : { "204" : { "description" : "Token successfully destroyed." } }, "summary" : "Destroy an authentication token", "tags" : [ "Authentication" ] }, "get" : { "description" : "Exchanges the session ID (from cookie) for a token. The backend verifies the session ID and returns the token, which is solely used by the frontend to retrieve user details.", "operationId" : "getToken", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Token" } } }, "description" : "return Token for the login user." }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" } }, "security" : [ { "CookieAuth" : [ ] } ], "summary" : "Exchanges the session ID (from cookie) for a token.", "tags" : [ "Authentication" ] }, "post" : { "description" : "Create an authentication token for the specified user.", "operationId" : "createToken", "parameters" : [ { "description" : "If true, ignore remote authentication.", "explode" : true, "in" : "query", "name" : "force-local-auth", "required" : false, "schema" : { "type" : "boolean" }, "style" : "form" }, { "description" : "If true only the credentials are checked, no token or session is created.", "explode" : true, "in" : "query", "name" : "dryrun", "required" : false, "schema" : { "default" : false, "type" : "boolean" }, "style" : "form" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Credentials" } } }, "description" : "Username and password", "required" : true }, "responses" : { "204" : { "description" : "The dryrun was successful." }, "201" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Token" } } }, "description" : "Token successfully created.", "headers" : { "Location" : { "description" : "The location of the newly created object", "explode" : false, "schema" : { "format" : "uri", "type" : "string" }, "style" : "simple" } } }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "security" : [ ], "summary" : "Create an authentication token.", "tags" : [ "Authentication" ] } }, "/auth/token/validity" : { "get" : { "description" : "Validate token.", "operationId" : "validateToken", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Validity" } } }, "description" : "Get validity of token." } }, "summary" : "Validate token.", "tags" : [ "Authentication" ] } }, "/auth/oidc/login" : { "get" : { "description" : "Redirects to the OIDC login page.\nOAuth2.0 authorization code flow is used to exchange the authorization code for an access token.\n", "operationId" : "oidcLogin", "parameters" : [ { "description" : "The id of the OpenID Connect identity provider.", "explode" : true, "in" : "query", "name" : "provider-id", "required" : true, "schema" : { "type" : "string" }, "style" : "form" }, { "description" : "The page to redirect to after successful login.", "example" : "/motion", "explode" : true, "in" : "query", "name" : "page", "required" : false, "schema" : { "type" : "string" }, "style" : "form" } ], "responses" : { "302" : { "description" : "Redirects to the OIDC login page.", "headers" : { "Location" : { "description" : "The URL of the OIDC login page.", "explode" : false, "schema" : { "format" : "uri", "type" : "string" }, "style" : "simple" } } } }, "security" : [ ], "summary" : "Redirect to OIDC login page.", "tags" : [ "Authentication" ] } }, "/auth/oidc/callback" : { "get" : { "description" : "Callback endpoint for OpenID Connect authentication. This endpoint is called by the OIDC identity provider after a successful login.\nOAuth2.0 authorization code flow is used to exchange the authorization code for an access token.\n", "operationId" : "oidcCallback", "parameters" : [ { "description" : "The authorization code received from the OIDC identity provider.", "explode" : true, "in" : "query", "name" : "code", "required" : true, "schema" : { "type" : "string" }, "style" : "form" } ], "responses" : { "302" : { "description" : "Redirects to the ctrlX OS login page.", "headers" : { "Location" : { "description" : "The URL of the ctrlX OS login page.", "explode" : false, "schema" : { "format" : "uri", "type" : "string" }, "style" : "simple" } } }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "security" : [ ], "summary" : "OIDC callback.", "tags" : [ "Authentication" ] } }, "/systemusergen" : { "post" : { "description" : "Creates a new system user account with assertion file. Requires administration privileges. The created user is active (true) by default and has sudo permissions.", "operationId" : "systemUserGen", "requestBody" : { "content" : { "multipart/form-data" : { "schema" : { "$ref" : "#/components/schemas/UploadAssertion" } } }, "description" : "system user assertion file", "required" : true }, "responses" : { "201" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/User" } } }, "description" : "User creation successful.", "headers" : { "Location" : { "description" : "The location of the newly created object", "explode" : false, "schema" : { "format" : "uri", "type" : "string" }, "style" : "simple" } } }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Create a new system user account", "tags" : [ "User Management" ] } }, "/setup" : { "post" : { "description" : "Replaces the default admin user with custom credentials. You must change the default admin credentials immediately after initial system startup. This endpoint is accessible without authentication on purpose and is deactivated automatically once the terms of use have been accepted, the initial user account's credentials are changed, or multiple local user accounts are present on the system.", "operationId" : "applyInitialSetup", "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/SetupData" } } }, "description" : "Contains initial setup data such as admin credentials.", "required" : true }, "responses" : { "204" : { "description" : "Initial setup completed successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "security" : [ ], "summary" : "Set initial IDM settings", "tags" : [ "Setup" ] } }, "/setup/state" : { "get" : { "description" : "Returns whether initial setup has been completed. The state reflects if default admin credentials are still in use or have been changed via the setup endpoint or manually. No authentication required.", "operationId" : "getSetupState", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/SetupState" } } }, "description" : "Setup state retrieved successfully." }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "security" : [ ], "summary" : "Returns if the initial setup is still required.", "tags" : [ "Setup" ] } }, "/users" : { "get" : { "description" : "Retrieve the users and their current status", "operationId" : "getUsers", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Users" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "List users", "tags" : [ "User Management" ] }, "post" : { "description" : "Creates a new user account. Requires administration privileges. The created user is active (true) by default.", "operationId" : "createUser", "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/User" } } }, "description" : "Name of the normal user or assertion of system user", "required" : true }, "responses" : { "201" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/User" } } }, "description" : "User creation successful.", "headers" : { "Location" : { "description" : "The location of the newly created object", "explode" : false, "schema" : { "format" : "uri", "type" : "string" }, "style" : "simple" } } }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Create a new user account", "tags" : [ "User Management" ] } }, "/users/{id}" : { "delete" : { "description" : "Delete the user with the specified id", "operationId" : "deleteUser", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "204" : { "description" : "User account deleted successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Delete a user", "tags" : [ "User Management" ] }, "get" : { "description" : "Retrieve the details of the user with the specified id", "operationId" : "getUser", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/User" } } }, "description" : "User details." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Retrieve details of a user", "tags" : [ "User Management" ] }, "put" : { "description" : "Update writable properties of a user with the specified id. Such as lock state, individual session settings.\n", "operationId" : "updateUser", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/User" } } }, "description" : "User object with updated lock state and individual session settings.", "required" : true }, "responses" : { "204" : { "description" : "OK, properties saved." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update writable properties of a user", "tags" : [ "User Management" ] } }, "/users/{id}/locked" : { "put" : { "description" : "Change the lock state of the user with the specified id", "operationId" : "updateLockState", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/User" } } }, "description" : "User object with updated lock state", "required" : true }, "responses" : { "204" : { "description" : "Lock state updated successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Change the lock state of a user", "tags" : [ "User Management" ] } }, "/users/{id}/credentials" : { "get" : { "description" : "Function retrieves the password hash of a user which consists of the algorithm, salt and the hashed password (id$salt$hash) as found inside the password file.\n", "operationId" : "getPasswordHash", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Passwords" } } }, "description" : "Current password hash of the user with format id$salt$hash" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get the password hash of a user", "tags" : [ "User Management" ] }, "put" : { "description" : "Changes the password (hash) of the user with the specified id. Only administrators are allowed to change the passwords of other users. Regular users need to supply the current password to set a new password (hash). The password can be directly supplied in hashed form if the corresponding query parameter is set.\n", "operationId" : "changePassword", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" }, { "description" : "If true the new password is expected to be a hash value consisting of algorithm, salt and hash value (id$salt$hash). This hash value will be stored inside the password file as the new user's password. If the query parameter is false, the new password is expected to be a string value which will be hashed by some password hashing function prior to being stored inside the password file.\n", "explode" : true, "in" : "query", "name" : "hashed", "required" : false, "schema" : { "type" : "boolean" }, "style" : "form" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Passwords" } } }, "description" : "New and current password (hash) (optional for admin users)", "required" : true }, "responses" : { "204" : { "description" : "Password update successful." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "409" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Conflict with the current state of the resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Change the password (hash) of a user", "tags" : [ "User Management" ] } }, "/users/{id}/membership" : { "get" : { "description" : "Get the groups of which the specified user is a member of.\n", "operationId" : "getMembership", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Groups" } } }, "description" : "Groups, to which the user belongs." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get the groups of the specified user.", "tags" : [ "User Management" ] }, "post" : { "description" : "Assigns the specified groups to a user.\n", "operationId" : "addMembership", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Group" } } }, "description" : "Group assignment of the user", "required" : true }, "responses" : { "204" : { "description" : "Group assignment updated successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Add the user to the specified group.", "tags" : [ "User Management" ] }, "put" : { "description" : "Assigns the specified groups to a user.\n", "operationId" : "updateMembership", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Groups" } } }, "description" : "Group assignment of the user", "required" : true }, "responses" : { "204" : { "description" : "Group assignment updated successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update the group membership of a user.", "tags" : [ "User Management" ] } }, "/users/{id}/membership/{groupid}" : { "delete" : { "description" : "Delete the membership of the user to the specified group.\n", "operationId" : "deleteMembership", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" }, { "description" : "The group id", "explode" : false, "in" : "path", "name" : "groupid", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "204" : { "description" : "Group membership deleted." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Remove the specified user from the specified group.", "tags" : [ "User Management" ] } }, "/users/{id}/scopes" : { "get" : { "description" : "Get the scopes which is granted to the specified user.\n", "operationId" : "getScopesOfUser", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Scopes, which are granted to the user." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get the granted scopes of the specified user.", "tags" : [ "User Management" ] }, "put" : { "description" : "Grant scopes to a user.\n", "operationId" : "updateScopesOfUser", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Scope assignment of the user", "required" : true }, "responses" : { "204" : { "description" : "Scope assignment updated successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update the granted scopes of a user.", "tags" : [ "User Management" ] } }, "/users/{id}/settings" : { "get" : { "description" : "Get settings of the specified user.\n", "operationId" : "getSettingsOfUser", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" }, { "description" : "Name of settings to get.", "explode" : true, "in" : "query", "name" : "filters", "required" : false, "schema" : { "items" : { "type" : "string" }, "type" : "array" }, "style" : "form" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/UserSettings" } } }, "description" : "Got settings successfully." }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" } }, "summary" : "Get settings of the specified user.", "tags" : [ "User-specific Settings" ] }, "patch" : { "description" : "Update given settings of a user.\n", "operationId" : "updateSettingsOfUser", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/UserSettings" } } }, "description" : "Settings update of the user", "required" : true }, "responses" : { "204" : { "description" : "Settings updated successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update given settings of the specified user.", "tags" : [ "User-specific Settings" ] }, "put" : { "description" : "Replace all settings of a user.\n", "operationId" : "setSettingsOfUser", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/UserSettings" } } }, "description" : "Settings assignment of the user", "required" : true }, "responses" : { "204" : { "description" : "Settings assigned successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Replace all settings of the specified user.", "tags" : [ "User-specific Settings" ] } }, "/password-policies" : { "get" : { "description" : "Returns all existing named password policies. Note that there will always be one default (non-erasable) password policy on the system\n", "operationId" : "getNamedPasswordPolicies", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/NamedPasswordPolicies" } } }, "description" : "Returns all existing named password policies." }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get all existing named password policies", "tags" : [ "Policies" ] }, "post" : { "description" : "Creates a new named password policy that could be assigned to a user afterewards. Note that there is already one default (non-erasable) password policy on the system.\n", "operationId" : "addNamedPasswordPolicy", "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/NamedPasswordPolicy" } } }, "description" : "Data of of the new named password policy", "required" : true }, "responses" : { "201" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/NamedPasswordPolicy" } } }, "description" : "Successful creation of the named policy set", "headers" : { "Location" : { "description" : "The location of the newly created object", "explode" : false, "schema" : { "format" : "uri", "type" : "string" }, "style" : "simple" } } }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Create a new named password policiy", "tags" : [ "Policies" ] } }, "/password-policies/{policyId}" : { "delete" : { "description" : "Delete the named password policy with the given policyId\n", "operationId" : "deleteNamedPasswordPolicy", "parameters" : [ { "description" : "The unique id of the named password policy", "explode" : false, "in" : "path", "name" : "policyId", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "204" : { "description" : "Named password policy deleted successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Delete the named password policy", "tags" : [ "Policies" ] }, "get" : { "description" : "Returns the named password policy with the given policyId\n", "operationId" : "getNamedPasswordPolicy", "parameters" : [ { "description" : "The unique id of the named password policy", "explode" : false, "in" : "path", "name" : "policyId", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/NamedPasswordPolicy" } } }, "description" : "Returns the named password policy data." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get existing named password policy by id", "tags" : [ "Policies" ] }, "put" : { "description" : "Selects the named policy by the policyId and overwrites it with the new named password policy data\n", "operationId" : "updateNamedPasswordPolicy", "parameters" : [ { "description" : "The unique id of the named password policy", "explode" : false, "in" : "path", "name" : "policyId", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/NamedPasswordPolicy" } } }, "description" : "The new set of named password policies to be applied / updated", "required" : true }, "responses" : { "204" : { "description" : "The named password policy was updated successfully." }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update the named password policy", "tags" : [ "Policies" ] } }, "/users/{id}/pwdchgatnextlogin" : { "get" : { "description" : "Check if the user with id is forced to change password at next login.\n", "operationId" : "checkForcedChpasswd", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/ForceChpasswd" } } }, "description" : "Status, whether the user is forced to change password at next login." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Check if the user is forced to change password at next login.", "tags" : [ "User Management" ] }, "put" : { "description" : "Enable/Disable force user with id to change password at next login", "operationId" : "enforceChpasswd", "parameters" : [ { "description" : "The user id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/ForceChpasswd" } } }, "description" : "Status, whether the user is forced to change password at next login.", "required" : true }, "responses" : { "204" : { "description" : "Enforce user to change passsword at next login successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Enable/Disable force password change at next login", "tags" : [ "User Management" ] } }, "/self/password-policy" : { "get" : { "description" : "This request returns the the currently active password policy of the currently logged-in user.\n", "operationId" : "getUserNamedPasswordPolicy", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/NamedPasswordPolicy" } } }, "description" : "Returns the named password policy data of the logged-in user" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Returns the currently active password policy of the logged-in user", "tags" : [ "Policies" ] } }, "/groups" : { "get" : { "description" : "Retrieve a list of groups that are available on the system", "operationId" : "getGroups", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Groups" } } }, "description" : "List of groups" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "List available groups", "tags" : [ "Group Management" ] }, "post" : { "description" : "Creates a new user group. Requires administration privileges.", "operationId" : "createGroup", "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Group" } } }, "description" : "Name of the group to be created", "required" : true }, "responses" : { "201" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Group" } } }, "description" : "Group created successfully.", "headers" : { "Location" : { "description" : "The location of the newly created object", "explode" : false, "schema" : { "format" : "uri", "type" : "string" }, "style" : "simple" } } }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Create a new group", "tags" : [ "Group Management" ] } }, "/groups/{id}" : { "delete" : { "description" : "Delete the group with the specified id", "operationId" : "deleteGroup", "parameters" : [ { "description" : "The group id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "204" : { "description" : "Group deleted." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Delete a group", "tags" : [ "Group Management" ] }, "get" : { "description" : "Retrieve the details of the group with the specified id", "operationId" : "getGroup", "parameters" : [ { "description" : "The group id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Group" } } }, "description" : "Group details." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Retrieve details of a group", "tags" : [ "Group Management" ] } }, "/groups/{id}/members" : { "get" : { "description" : "Get the members of the specified group.\n", "operationId" : "getGroupMembers", "parameters" : [ { "description" : "The group id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Users" } } }, "description" : "The members of the group." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get the members of the specified group.", "tags" : [ "Group Management" ] }, "post" : { "description" : "Adds the specified user to the group.\n", "operationId" : "addGroupMember", "parameters" : [ { "description" : "The group id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/User" } } }, "description" : "User to be added to the group", "required" : true }, "responses" : { "204" : { "description" : "User assignment updated successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Add the user to the specified group.", "tags" : [ "Group Management" ] }, "put" : { "description" : "Updates the members of the specified group\n", "operationId" : "updateMembers", "parameters" : [ { "description" : "The group id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Users" } } }, "description" : "Member(s) of the group", "required" : true }, "responses" : { "204" : { "description" : "Updated group members successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update group members", "tags" : [ "Group Management" ] } }, "/groups/{id}/members/{userid}" : { "delete" : { "description" : "Remove the membership of the specified user to the specified group\n", "operationId" : "deleteUserInGroup", "parameters" : [ { "description" : "The group id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" }, { "description" : "The user id", "explode" : false, "in" : "path", "name" : "userid", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "204" : { "description" : "Group membership deleted." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Remove a user from the group", "tags" : [ "Group Management" ] } }, "/groups/{id}/scopes" : { "get" : { "description" : "Get the scopes which is granted to the specified group.\n", "operationId" : "getScopesOfGroup", "parameters" : [ { "description" : "The group id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Scopes, which are granted to the group." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get the granted scopes of the specified group.", "tags" : [ "Group Management" ] }, "put" : { "description" : "Grant scopes to a group.\n", "operationId" : "updateScopesOfGroup", "parameters" : [ { "description" : "The group id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Scope assignment of the group", "required" : true }, "responses" : { "204" : { "description" : "Scope assignment updated successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update the granted scopes of a group.", "tags" : [ "Group Management" ] } }, "/roles" : { "get" : { "description" : "Retrieves a list of available roles.\n", "operationId" : "getRoles", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Roles" } } }, "description" : "List of roles" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get roles.", "tags" : [ "Role Management" ] }, "post" : { "description" : "Creates a new role for managing access permissions for single sign-on (SSO) users and groups.\n", "operationId" : "createRole", "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Role" } } }, "description" : "the role to be created", "required" : true }, "responses" : { "201" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Role" } } }, "description" : "Role created successfully.", "headers" : { "Location" : { "description" : "The location of the newly created object", "explode" : false, "schema" : { "format" : "uri", "type" : "string" }, "style" : "simple" } } }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Create Role", "tags" : [ "Role Management" ] } }, "/roles/{id}" : { "delete" : { "description" : "Deletes a role. Requires the role id as a parameter.\n", "operationId" : "deleteRole", "parameters" : [ { "description" : "The role id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "204" : { "description" : "Role deleted." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Delete Role", "tags" : [ "Role Management" ] }, "get" : { "description" : "Retrieves a role. Requires the role id as a parameter\n", "operationId" : "getRole", "parameters" : [ { "description" : "The role id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Role" } } }, "description" : "return the role with the given id." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get role.", "tags" : [ "Role Management" ] }, "put" : { "description" : "Update a role. Requires the role id as a parameter.\n", "operationId" : "updateRole", "parameters" : [ { "description" : "The role id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Role" } } }, "description" : "the role to be updated", "required" : true }, "responses" : { "204" : { "description" : "Role updated." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update Role", "tags" : [ "Role Management" ] } }, "/roles/{id}/scopes" : { "get" : { "description" : "Retrieves the set of granted scopes for a specific role.\n", "operationId" : "getScopesOfRole", "parameters" : [ { "description" : "The role id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Scopes, which are granted to the role." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get granted scopes for a role.", "tags" : [ "Role Management" ] }, "put" : { "description" : "Updates the set of granted scopes for a specific role. This allows modification of the permissions and access associated with that role.\n", "operationId" : "updateScopesOfRole", "parameters" : [ { "description" : "The role id", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Scope assignment of the role", "required" : true }, "responses" : { "204" : { "description" : "Scope assignment updated successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update granted scopes for a role.", "tags" : [ "Role Management" ] } }, "/scopes" : { "get" : { "description" : "Retrieve the scopes, which are registered in identity-manager", "operationId" : "getScopes", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Apps" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "List Scopes", "tags" : [ "Scope Management" ] } }, "/scopes/{identifier}/users" : { "get" : { "description" : "Get the users, to which the specified scope is granted.\n", "operationId" : "getUsersOfScope", "parameters" : [ { "description" : "The identifier of scope", "explode" : false, "in" : "path", "name" : "identifier", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Users" } } }, "description" : "The users, to which the specified scope is granted." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get the users of the specified scope.", "tags" : [ "Scope Management" ] }, "put" : { "description" : "Update the users, to which the specified scope is granted.\n", "operationId" : "updateUsersOfScope", "parameters" : [ { "description" : "The identifier of scope", "explode" : false, "in" : "path", "name" : "identifier", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Users" } } }, "description" : "Users, to which the scope is granted.", "required" : true }, "responses" : { "204" : { "description" : "Grant the scope to users successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update the users of the specified scope.", "tags" : [ "Scope Management" ] } }, "/scopes/{identifier}/groups" : { "get" : { "description" : "Get the groups, to which the specified scope is granted.\n", "operationId" : "getGroupsOfScope", "parameters" : [ { "description" : "The identifier of scope", "explode" : false, "in" : "path", "name" : "identifier", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Groups" } } }, "description" : "The groups, to which the specified scope is granted." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get the groups of the specified scope.", "tags" : [ "Scope Management" ] }, "put" : { "description" : "Update the groups, to which the specified scope is granted.\n", "operationId" : "updateGroupsOfScope", "parameters" : [ { "description" : "The identifier of scope", "explode" : false, "in" : "path", "name" : "identifier", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Groups" } } }, "description" : "groups, to which the scope is granted.", "required" : true }, "responses" : { "204" : { "description" : "Grant the scope to groups successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update the groups of the specified scope.", "tags" : [ "Scope Management" ] } }, "/scopes/{identifier}/roles" : { "get" : { "description" : "Get the roles associated with a specific scope.\n", "operationId" : "getRolesOfScope", "parameters" : [ { "description" : "The identifier of scope", "explode" : false, "in" : "path", "name" : "identifier", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Roles" } } }, "description" : "The roles, to which the specified scope is granted." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get Roles for Scope", "tags" : [ "Scope Management" ] }, "put" : { "description" : "Updates the roles associated with a specific scope.\n", "operationId" : "updateRolesOfScope", "parameters" : [ { "description" : "The identifier of scope", "explode" : false, "in" : "path", "name" : "identifier", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Roles" } } }, "description" : "roles, to which the scope is granted.", "required" : true }, "responses" : { "204" : { "description" : "Grant the scope to roles successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update Roles for Scope", "tags" : [ "Scope Management" ] } }, "/apps" : { "get" : { "description" : "Returns all apps that provide or request permissions", "operationId" : "GetAllApplications", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Apps" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get applications that deal with scopes", "tags" : [ "Provided Scopes", "Requested Scopes" ] } }, "/apps/{applicationId}/scopes" : { "get" : { "description" : "Returns all provided scopes (dynamic and static) of an app", "operationId" : "getScopesOfApplication", "parameters" : [ { "description" : "App name as defined in apps management api", "explode" : false, "in" : "path", "name" : "applicationId", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get all provided scopes (dynamic and static) of an app", "tags" : [ "Provided Scopes" ] } }, "/apps/{applicationId}/dynamic-scopes" : { "get" : { "description" : "Returns all provided dynamic scopes of an app", "operationId" : "getAppDynamicScopes", "parameters" : [ { "description" : "App name as defined in apps management api", "explode" : false, "in" : "path", "name" : "applicationId", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get all provided dynamic scopes of an app", "tags" : [ "Provided Scopes" ] }, "put" : { "description" : "Alters provided dynamic scope list of an app", "operationId" : "setAppDynamicScopes", "parameters" : [ { "description" : "App name as defined in apps management api", "explode" : false, "in" : "path", "name" : "applicationId", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Dynamic Scopes of an app", "required" : true }, "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Alter provided dynamic scopes of an app", "tags" : [ "Provided Scopes" ] } }, "/apps/{applicationId}/requested-scopes" : { "get" : { "description" : "Returns requested scopes of an application", "operationId" : "GetServiceAuthApps", "parameters" : [ { "explode" : false, "in" : "path", "name" : "applicationId", "required" : true, "schema" : { "description" : "Id of the application", "type" : "string" }, "style" : "simple" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Scopes" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get requested scopes of an application", "tags" : [ "Requested Scopes" ] } }, "/policies/users/reservednames" : { "get" : { "description" : "List of reserved names, which must not be used when creating a new user account", "operationId" : "getReservedUsernames", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Reservednames" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "List of reserved usernames.", "tags" : [ "Policies" ] } }, "/policies/users/passwords" : { "get" : { "description" : "Get default password policy.", "operationId" : "getPasswordPolicy", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/PasswordPolicy" } } }, "description" : "Returns the default password policy" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get default password policy.", "tags" : [ "Policies" ] }, "put" : { "description" : "This function updates the default password policy that will be automatically assigned to a user upon creation. Note that the default password policy could also be updated by the 'PUT password-policies/{policyId}'. This route will still work, however the latter described route is the preferred way to update the default password policy.\n", "operationId" : "updatePasswordPolicy", "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/PasswordPolicy" } } }, "description" : "The password policy data to be applied to the default password policy.", "required" : true }, "responses" : { "200" : { "description" : "The default password policy was updated successfully. The status is 200 because of backward compatibility." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Updates the default password policy.", "tags" : [ "Policies" ] } }, "/policies/groups/reservednames" : { "get" : { "description" : "List of reserved names, which must not be used when creating a new group", "operationId" : "getReservedGroupnames", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Reservednames" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "List of reserved groupnames", "tags" : [ "Policies" ] } }, "/loginLockedStatus/users" : { "get" : { "description" : "List of login locked status", "operationId" : "getLoginLockedStatus", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/LoginLockedStatusOfAllUsers" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Login locked status of all users", "tags" : [ "LoginLockedStatus" ] } }, "/loginLockedStatus/users/{id}" : { "put" : { "description" : "Set login locked status of a user to unlocked\n", "operationId" : "updateLoginLockedStatus", "parameters" : [ { "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "description" : "ID of user", "type" : "string" }, "style" : "simple" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/LoginLockedStatus" } } }, "description" : "login locked status", "required" : false }, "responses" : { "204" : { "description" : "Set login locked status to unlock successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Unlock login", "tags" : [ "LoginLockedStatus" ] } }, "/remote-auth/config" : { "get" : { "description" : "Get configuration of remote authentication", "operationId" : "GetConfigOfRemoteAuth", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/RemoteAuthConfig" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "security" : [ ], "summary" : "Get configuration of remote authentication", "tags" : [ "Remote Auth Management" ] }, "put" : { "description" : "Update configuration of remote authentication", "operationId" : "UpdateConfigOfRemoteAuth", "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/RemoteAuthConfig" } } }, "description" : "Configurations of remote authentication", "required" : true }, "responses" : { "204" : { "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update configuration of remote authentication", "tags" : [ "Remote Auth Management" ] } }, "/remote-auth/services" : { "get" : { "description" : "Get supported remote authentication services", "operationId" : "GetRemoteAuthServices", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/RemoteAuthServices" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get supported remote authentication services", "tags" : [ "Remote Auth Management" ] } }, "/remote-auth/services/radius/config" : { "get" : { "description" : "Get configuration of radius server", "operationId" : "GetRadiusConfig", "parameters" : [ { "description" : "The cipherkey is a 16-, 24- or 32-byte array derived from a secure key derivation function, which will directly be used by the backend's encryption algorithm to encrypt the radius secret and return it as encryptedPassword. Make sure to use URL-encoding.\n", "explode" : true, "in" : "query", "name" : "cipherkey", "required" : false, "schema" : { "type" : "string" }, "style" : "form" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/RadiusConfig" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get configuration of radius server", "tags" : [ "Remote Auth Management" ] }, "put" : { "description" : "Update configuration of radius server", "operationId" : "UpdateRadiusConfig", "parameters" : [ { "description" : "The cipherkey is a 16-, 24- or 32-byte array derived from a secure key derivation function, which will directly be used by the backend's decryption algorithm to decrypt the encrypted radius secret provided as encryptedPassword. Make sure to use URL-encoding.\n", "explode" : true, "in" : "query", "name" : "cipherkey", "required" : false, "schema" : { "type" : "string" }, "style" : "form" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/RadiusConfig" } } }, "description" : "Configurations of radius server", "required" : true }, "responses" : { "204" : { "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update configuration of radius server", "tags" : [ "Remote Auth Management" ] } }, "/remote-auth/services/radius/auth-protocols" : { "get" : { "description" : "Get supported authentication protocols of radius server", "operationId" : "GetRadiusAuthProtocols", "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "items" : { "type" : "string" }, "type" : "array" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get supported authentication protocols of radius server", "tags" : [ "Remote Auth Management" ] } }, "/remote-auth/services/ldap/config" : { "get" : { "description" : "Get configuration of ldap server", "operationId" : "GetLDAPConfig", "parameters" : [ { "description" : "The cipherkey is a 16-, 24- or 32-byte array derived from a secure key derivation function, which will directly be used by the backend's encryption algorithm to encrypt the read-only user password and return it as encryptedPassword. Make sure to use URL-encoding.\n", "explode" : true, "in" : "query", "name" : "cipherkey", "required" : false, "schema" : { "type" : "string" }, "style" : "form" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/LDAPConfig" } } }, "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get configuration of ldap server", "tags" : [ "Remote Auth Management" ] }, "put" : { "description" : "Update configuration of ldap server", "operationId" : "UpdateLDAPConfig", "parameters" : [ { "description" : "The cipherkey is a 16-, 24- or 32-byte array derived from a secure key derivation function, which will directly be used by the backend's decryption algorithm to decrypt the encrypted read-only user password provided as encryptedPassword. Make sure to use URL-encoding.\n", "explode" : true, "in" : "query", "name" : "cipherkey", "required" : false, "schema" : { "type" : "string" }, "style" : "form" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/LDAPConfig" } } }, "description" : "Configurations of ldap server", "required" : true }, "responses" : { "204" : { "description" : "Operation successful" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update configuration of ldap server", "tags" : [ "Remote Auth Management" ] } }, "/remote-auth/services/oidc/providers" : { "get" : { "description" : "Retrieves a list of available OpenID Connect Identity providers.\n", "operationId" : "getOIDCProviders", "parameters" : [ { "description" : "The cipherkey is a 16-, 24- or 32-byte array derived from a secure key derivation function, which will directly be used by the backend's encryption algorithm to encrypt the client secret and return it as encryptedPassword. Make sure to use URL-encoding.\n", "explode" : true, "in" : "query", "name" : "cipherkey", "required" : false, "schema" : { "type" : "string" }, "style" : "form" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OIDCProviders" } } }, "description" : "List of OIDC providers" }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Get OIDC providers.", "tags" : [ "Remote Auth Management" ] }, "post" : { "description" : "Creates a new OpenID Connect identity provider, enabling OIDC authentication to this server.\n", "operationId" : "CreateOIDCProvider", "parameters" : [ { "description" : "The cipherkey is a 16-, 24- or 32-byte array derived from a secure key derivation function, which will directly be used by the backend's encryption algorithm to encrypt the client secret and return it as encryptedPassword. Make sure to use URL-encoding.\n", "explode" : true, "in" : "query", "name" : "cipherkey", "required" : false, "schema" : { "type" : "string" }, "style" : "form" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OIDCProvider" } } }, "description" : "the OIDC identity provider to be created", "required" : true }, "responses" : { "201" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OIDCProvider" } } }, "description" : "Identity provider created successfully.", "headers" : { "Location" : { "description" : "The location of the newly created object", "explode" : false, "schema" : { "format" : "uri", "type" : "string" }, "style" : "simple" } } }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Create OIDC provider", "tags" : [ "Remote Auth Management" ] } }, "/remote-auth/services/oidc/providers/{id}" : { "delete" : { "description" : "Deletes an OpenID Connect identity provider. Requires the id of OIDC identity provider as a parameter. This action also disables the OIDC authentication to this server\n", "operationId" : "deleteOIDCProvider", "parameters" : [ { "description" : "The id of OIDC provider", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" } ], "responses" : { "204" : { "description" : "OIDC provider deleted successfully. No content is returned." }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Delete an OIDC provider", "tags" : [ "Remote Auth Management" ] }, "get" : { "description" : "Retrieves the details of a specific OpenID Connect identity provider by its unique identifier.\nThe response includes general metadata and the full protocol-specific configuration.\n", "operationId" : "GetOIDCProvider", "parameters" : [ { "description" : "The id of OIDC provider", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" }, { "description" : "The cipherkey is a 16-, 24- or 32-byte array derived from a secure key derivation function, which will directly be used by the backend's encryption algorithm to encrypt the client secret and return it as encryptedPassword. Make sure to use URL-encoding.\n", "explode" : true, "in" : "query", "name" : "cipherkey", "required" : false, "schema" : { "type" : "string" }, "style" : "form" } ], "responses" : { "200" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OIDCProvider" } } }, "description" : "Identity provider found and returned successfully." }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" } }, "summary" : "Get a specific OIDC provider", "tags" : [ "Remote Auth Management" ] }, "put" : { "description" : "Updates an existing OpenID Connect identity provider's configuration.\nThe full set of configuration fields must be provided in the request body.\n", "operationId" : "UpdateOIDCProvider", "parameters" : [ { "description" : "The id of OIDC provider", "explode" : false, "in" : "path", "name" : "id", "required" : true, "schema" : { "type" : "string" }, "style" : "simple" }, { "description" : "The cipherkey is a 16-, 24- or 32-byte array derived from a secure key derivation function, which will directly be used by the backend's decryption algorithm to decrypt the encrypted client secret provided as encryptedPassword. Make sure to use URL-encoding.\n", "explode" : true, "in" : "query", "name" : "cipherkey", "required" : false, "schema" : { "type" : "string" }, "style" : "form" } ], "requestBody" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/OIDCProvider" } } }, "required" : true }, "responses" : { "204" : { "description" : "Identity provider updated successfully." }, "400" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "401" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "403" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "404" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "500" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "summary" : "Update an existing OIDC provider", "tags" : [ "Remote Auth Management" ] } } }, "components" : { "responses" : { "BadRequest" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The request is incomplete or malformed" }, "Unauthorized" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Not authorized to access this resource" }, "Forbidden" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Access forbidden for this resource" }, "NotFound" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "The resource was not found" }, "Conflict" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Conflict with the current state of the resource" }, "InternalServerError" : { "content" : { "application/json" : { "schema" : { "$ref" : "#/components/schemas/Problem" } } }, "description" : "Something unexpected happened on the server" } }, "schemas" : { "EasyServiceAccessSettings" : { "description" : "Easy service access settings", "example" : { "enabled" : false }, "properties" : { "enabled" : { "example" : false, "type" : "boolean" } }, "required" : [ "enabled" ], "type" : "object" }, "SessionSettings" : { "description" : "Restrict settings of session.", "example" : { "maxSessionsPerUser" : 0, "maxTicketsPerUser" : 0, "ticketValidity" : 1862704187, "sessionTimeout" : 250196665, "tokenValidity" : 1761242744 }, "properties" : { "sessionTimeout" : { "description" : "The sessionTimeout property refers to the duration of time that a user session remains active before it automatically expires. \nIt determines how long a user can remain idle or inactive before being logged out of the system for security purposes. \nBy setting a specific session timeout value, administrators can control the length of time a user can stay logged in without any activity, ensuring that inactive sessions are terminated to prevent unauthorized access. \nThe value should be 0, or a positive value smaller than 3124224000 seconds.\nSetting the sessionTimeout property to 0 means that the user sessions will not expire automatically.\n", "format" : "int64", "maximum" : 3124224000, "minimum" : 0, "type" : "integer" }, "maxTicketsPerUser" : { "description" : "The maxTicketsPerUser property specifies the maximum number of failed login attempts that a user can make without any subsequent waiting period. \nIt sets a limit on the number of unsuccessful login attempts allowed for a user before they are required to wait before trying again. \nBy defining a value for maxTicketsPerUser, administrators can control the number of consecutive failed login attempts a user can make without triggering a waiting period. \nThe value must be 0 or a positive number.\nSetting maxTicketsPerUser to 0 indicates that there is no limit on the number of failed login attempts a user can make, providing unlimited attempts without any waiting period. \nThis property helps enhance security by preventing brute-force attacks and unauthorized access attempts.\n", "format" : "int32", "minimum" : 0, "type" : "integer" }, "maxSessionsPerUser" : { "description" : "The maxSessionsPerUser property determines the maximum number of concurrent sessions that a user can have at the same time. \nIt sets a limit on the number of active login sessions that a user can establish, helping to control and manage the user's access to the system. \nBy setting a specific value for maxSessionsPerUser, administrators can restrict the number of simultaneous sessions a user can have, preventing excessive or unauthorized access to the system. \nThis property ensures that users cannot have an unlimited number of concurrent sessions, promoting better security and preventing potential misuse or abuse of system resources. \nThe value must be 0 or a positive number.\nSetting the maxSessionsPerUser property to 0 means that users can have an unlimited number of concurrent sessions.\n", "format" : "int32", "minimum" : 0, "type" : "integer" }, "ticketValidity" : { "description" : "The ticketValidity property refers to the duration of time, measured in seconds, that a user must wait after a failed login attempt before they can try again. \nIt sets a waiting period or cooldown time to prevent repeated login attempts in quick succession, which helps to enhance security and protect against brute-force attacks. \nBy specifying a value for ticketValidity, administrators can control the length of time a user must wait before they can retry logging in after a failed attempt. \nThis property acts as a deterrent against unauthorized access attempts and strengthens the overall security of the user management system.\nThe value should be a positive value smaller than 3124224000 seconds.\n", "format" : "int64", "maximum" : 3124224000, "minimum" : 1, "type" : "integer" }, "tokenValidity" : { "description" : "The tokenValidity property defines the maximum duration of a user session before they are automatically logged out. \nIt specifies the length of time, measured in seconds, that a user can remain logged in. \nBy setting a value for tokenValidity, administrators can control the maximum session duration and enforce automatic logout after the specified period. \nThe value should be 0, or a positive value smaller than 3124224000 seconds.\nSetting tokenValidity to 0 indicates that there is no limit on the session duration, allowing users to remain logged in for an unlimited amount of time.\n", "format" : "int64", "maximum" : 3124224000, "minimum" : 0, "type" : "integer" } }, "required" : [ "maxSessionsPerUser", "maxTicketsPerUser", "sessionTimeout", "ticketValidity", "tokenValidity" ], "type" : "object" }, "UserSettings" : { "additionalProperties" : { "example" : "\"ctrlx.common.lang\": \"de\"", "type" : "string" }, "description" : "Contains user specific settings as key-value-pairs of type string.", "type" : "object" }, "NamedPasswordPolicy" : { "description" : "Named set of password policy with a unique id", "example" : { "passwordPolicy" : { "remember" : 0, "minUppercase" : 1, "expiresAfterDays" : 1, "minLen" : 1, "minDigit" : 1, "minLowercase" : 1, "minSpecial" : 1, "rejectUsername" : true }, "name" : "Admin password policy", "id" : "896bbe51-148a-453a-920a-5832a44f4bab" }, "properties" : { "name" : { "example" : "Admin password policy", "type" : "string" }, "id" : { "description" : "The identifier of the named password policy. When not provided upon creation, the identifier will be\ngenerated by the backend. Otherwise, the backend will use the identifier given that the id follows the\ndefined pattern.\n", "example" : "896bbe51-148a-453a-920a-5832a44f4bab", "maxLength" : 64, "minLength" : 6, "pattern" : "^[a-zA-Z\\d]+[a-zA-Z\\d_-]*[a-zA-Z\\d]+$", "type" : "string" }, "passwordPolicy" : { "$ref" : "#/components/schemas/PasswordPolicy" } }, "required" : [ "id", "name", "passwordPolicy" ], "type" : "object" }, "NamedPasswordPolicies" : { "items" : { "$ref" : "#/components/schemas/NamedPasswordPolicy" }, "type" : "array" }, "Session" : { "description" : "Properties of a session.", "example" : { "lastAccessDate" : 0, "clientIP" : "clientIP", "name" : "name", "systemUser" : true, "timeoutDuration" : 6, "id" : "id", "scopes" : [ "scopes", "scopes" ], "type" : "type", "creationDate" : 5, "typeDetail" : "typeDetail", "expirationDate" : 1 }, "properties" : { "type" : { "type" : "string" }, "id" : { "type" : "string" }, "lastAccessDate" : { "format" : "int64", "type" : "integer" }, "timeoutDuration" : { "format" : "int64", "type" : "integer" }, "expirationDate" : { "format" : "int64", "type" : "integer" }, "creationDate" : { "format" : "int64", "type" : "integer" }, "typeDetail" : { "type" : "string" }, "name" : { "type" : "string" }, "clientIP" : { "type" : "string" }, "scopes" : { "items" : { "type" : "string" }, "type" : "array" }, "systemUser" : { "type" : "boolean" } }, "required" : [ "clientIP", "creationDate", "expirationDate", "id", "lastAccessDate", "name", "scopes", "systemUser", "timeoutDuration", "typeDetail" ], "type" : "object" }, "Credentials" : { "description" : "Credentials of a user. Include username and password.", "example" : { "password" : "41>a72&$b", "name" : "user.name" }, "properties" : { "name" : { "example" : "user.name", "type" : "string" }, "password" : { "example" : "41>a72&$b", "type" : "string" } }, "required" : [ "name", "password" ], "type" : "object" }, "SetupData" : { "description" : "Initial setup data for identity manager. The password must comply with the default password policy.", "example" : { "adminCredentials" : { "password" : "41>a72&$b", "name" : "user.name" } }, "properties" : { "adminCredentials" : { "$ref" : "#/components/schemas/Credentials" } }, "required" : [ "adminCredentials" ], "type" : "object" }, "User" : { "description" : "The \"User\" object is a representation of the properties associated with a user on the system. It serves as a container for various user-related information and attributes.", "example" : { "deleteat" : 1610612736, "useGlobalSessionSettings" : false, "name" : "mustermann", "deletable" : true, "systemuser" : false, "passwordPolicyId" : "896bbe51-148a-453a-920a-5832a44f4bab", "id" : "1000", "locked" : true, "remote" : false, "sessionSettings" : { "maxSessionsPerUser" : 0, "maxTicketsPerUser" : 0, "ticketValidity" : 1862704187, "sessionTimeout" : 250196665, "tokenValidity" : 1761242744 } }, "properties" : { "name" : { "description" : "The \"name\" property represents the user's username.\nIt is a string that uniquely identifies the user within the system.\nThis field is essential for user identification and is often used for login purposes or when addressing the user in the system.\nThe name of a user must adhere to the specified pattern and must be between 1 and 32 characters in length.\n", "example" : "mustermann", "maxLength" : 32, "minLength" : 1, "pattern" : "^[_a-z][0-9a-z_-]*[$]?$", "type" : "string" }, "id" : { "description" : "id of user. This property is set by the backend.", "example" : "1000", "type" : "string" }, "locked" : { "default" : false, "example" : true, "type" : "boolean" }, "deletable" : { "description" : "if ture, the user is deletable. This property is set by the backend.", "example" : true, "type" : "boolean" }, "systemuser" : { "description" : "if ture, the user is a system user. This property is set by the backend.", "example" : false, "type" : "boolean" }, "deleteat" : { "description" : "The time at which the system user will be deleted. This property is set by the backend.", "example" : 1610612736, "format" : "int64", "type" : "integer" }, "sessionSettings" : { "$ref" : "#/components/schemas/SessionSettings" }, "passwordPolicyId" : { "description" : "Id of the named password policy that is or shall applied to this user", "example" : "896bbe51-148a-453a-920a-5832a44f4bab", "type" : "string" }, "useGlobalSessionSettings" : { "description" : "If true, apply global session settings at next login. Otherwise use individual sessions settings.", "example" : false, "type" : "boolean" }, "remote" : { "description" : "Shows if the user is a remote user. Remote user are managed remotely. This property is set by the backend.", "example" : false, "type" : "boolean" } }, "required" : [ "deletable", "deleteat", "id", "locked", "name", "remote", "sessionSettings", "systemuser", "useGlobalSessionSettings" ], "type" : "object" }, "Users" : { "items" : { "$ref" : "#/components/schemas/User" }, "type" : "array" }, "Reservednames" : { "description" : "Reserved usernames.", "items" : { "example" : "root", "type" : "string" }, "type" : "array" }, "Password" : { "description" : "Password.", "example" : "dF$acsXsh", "type" : "string", "writeOnly" : true }, "Passwords" : { "description" : "For changing password, user should provid old and new passwords.", "example" : { "newPassword" : "dF$acsXsh", "currentPassword" : "dF$acsXsh" }, "properties" : { "newPassword" : { "description" : "Password.", "example" : "dF$acsXsh", "type" : "string", "writeOnly" : true }, "currentPassword" : { "description" : "Password.", "example" : "dF$acsXsh", "type" : "string", "writeOnly" : true } }, "required" : [ "currentPassword", "newPassword" ], "type" : "object" }, "Group" : { "description" : "The \"Group\" object is a representation of the properties associated with a group on the system. It serves as a container for various group-related information and attributes.", "example" : { "name" : "samplegroup", "deletable" : true, "id" : "1234", "remote" : false }, "properties" : { "name" : { "description" : "The \"name\" property represents the name of the group.\nIt is a string that uniquely identifies the group within the system.\nThis field is essential for group identification and is used to link certain users to a group.\nThe name of a local group must adhere to the specified pattern and must be between 1 and 32 characters in length.\n", "example" : "samplegroup", "maxLength" : 32, "minLength" : 1, "pattern" : "^[_a-z][0-9a-z_-]*[$]?$", "type" : "string" }, "id" : { "description" : "id of group. This property is set by the backend.", "example" : "1234", "type" : "string" }, "deletable" : { "description" : "if true, the group is deletable. This property is set by the backend.", "example" : true, "type" : "boolean" }, "remote" : { "description" : "Shows if the group is a remote group. Remote group are managed remotely. This property is set by the backend.", "example" : false, "type" : "boolean" } }, "required" : [ "deletable", "id", "name", "remote" ], "type" : "object" }, "Groups" : { "items" : { "$ref" : "#/components/schemas/Group" }, "type" : "array" }, "Token" : { "description" : "Token (required for authentication / authorization)", "example" : { "access_token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.xxx.xxx", "token_type" : "Bearer" }, "properties" : { "access_token" : { "description" : "Base64 encoded JSON Web Token (JWT). See RFC 7519 for details.", "example" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.xxx.xxx", "type" : "string" }, "token_type" : { "description" : "Type of the token (usually Bearer)", "example" : "Bearer", "type" : "string" } }, "required" : [ "access_token", "token_type" ], "type" : "object" }, "RequiredScope" : { "description" : "The scope which might be required by another scope in order to perform a specific action.", "example" : { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." }, "properties" : { "identifier" : { "description" : "Identifier of the required scope.", "example" : "rexroth-automation.datalayer.rw", "type" : "string" }, "purpose" : { "description" : "Purpose of the required scope.", "example" : "This permission is required to switch system mode.", "type" : "string" } }, "required" : [ "identifier", "purpose" ], "type" : "object" }, "Scope" : { "description" : "Properties of a scope, which is used to limiting an access to resource.", "example" : { "identifier" : "myApp.all.rw", "requiredScopes" : [ { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." }, { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." } ], "deprecated" : false, "name" : "Full Permissions", "description" : "Full permissions of My App", "dynamic" : false }, "properties" : { "identifier" : { "example" : "myApp.all.rw", "type" : "string" }, "name" : { "example" : "Full Permissions", "type" : "string" }, "description" : { "example" : "Full permissions of My App", "type" : "string" }, "dynamic" : { "description" : "Indicates if the scope is generated dynamically or predefined statically by the app", "example" : false, "type" : "boolean" }, "requiredScopes" : { "items" : { "$ref" : "#/components/schemas/RequiredScope" }, "type" : "array" }, "deprecated" : { "description" : "Indicates if the scope is deprecated and discouraged for future use", "example" : false, "type" : "boolean" } }, "required" : [ "description", "identifier", "name" ], "type" : "object" }, "Scopes" : { "items" : { "$ref" : "#/components/schemas/Scope" }, "type" : "array" }, "App" : { "description" : "Properties of an application.", "example" : { "identifier" : "myApp", "name" : "My App", "description" : "Description of My App", "scopes" : [ { "identifier" : "myApp.all.rw", "requiredScopes" : [ { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." }, { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." } ], "deprecated" : false, "name" : "Full Permissions", "description" : "Full permissions of My App", "dynamic" : false }, { "identifier" : "myApp.all.rw", "requiredScopes" : [ { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." }, { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." } ], "deprecated" : false, "name" : "Full Permissions", "description" : "Full permissions of My App", "dynamic" : false } ] }, "properties" : { "identifier" : { "example" : "myApp", "type" : "string" }, "name" : { "example" : "My App", "type" : "string" }, "description" : { "example" : "Description of My App", "type" : "string" }, "scopes" : { "items" : { "$ref" : "#/components/schemas/Scope" }, "type" : "array" } }, "required" : [ "description", "identifier", "name", "scopes" ], "type" : "object" }, "Apps" : { "description" : "Array of applications.", "example" : { "apps" : [ { "identifier" : "myApp", "name" : "My App", "description" : "Description of My App", "scopes" : [ { "identifier" : "myApp.all.rw", "requiredScopes" : [ { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." }, { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." } ], "deprecated" : false, "name" : "Full Permissions", "description" : "Full permissions of My App", "dynamic" : false }, { "identifier" : "myApp.all.rw", "requiredScopes" : [ { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." }, { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." } ], "deprecated" : false, "name" : "Full Permissions", "description" : "Full permissions of My App", "dynamic" : false } ] }, { "identifier" : "myApp", "name" : "My App", "description" : "Description of My App", "scopes" : [ { "identifier" : "myApp.all.rw", "requiredScopes" : [ { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." }, { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." } ], "deprecated" : false, "name" : "Full Permissions", "description" : "Full permissions of My App", "dynamic" : false }, { "identifier" : "myApp.all.rw", "requiredScopes" : [ { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." }, { "identifier" : "rexroth-automation.datalayer.rw", "purpose" : "This permission is required to switch system mode." } ], "deprecated" : false, "name" : "Full Permissions", "description" : "Full permissions of My App", "dynamic" : false } ] } ] }, "properties" : { "apps" : { "items" : { "$ref" : "#/components/schemas/App" }, "type" : "array" } }, "required" : [ "apps" ], "type" : "object" }, "PasswordPolicy" : { "description" : "Restricting rules for password creation.", "example" : { "remember" : 0, "minUppercase" : 1, "expiresAfterDays" : 1, "minLen" : 1, "minDigit" : 1, "minLowercase" : 1, "minSpecial" : 1, "rejectUsername" : true }, "properties" : { "remember" : { "description" : "number of old password in password history.", "example" : 0, "type" : "integer" }, "minLen" : { "description" : "Minimum password length.", "example" : 1, "type" : "integer" }, "minDigit" : { "description" : "Minimum numeric characters.", "example" : 1, "type" : "integer" }, "minUppercase" : { "description" : "Minimum uppercase characters.", "example" : 1, "type" : "integer" }, "minLowercase" : { "description" : "Minimum lowercase characters.", "example" : 1, "type" : "integer" }, "minSpecial" : { "description" : "Minimum special characters.", "example" : 1, "type" : "integer" }, "rejectUsername" : { "description" : "If true, password is not allowed to contain username.", "example" : true, "type" : "boolean" }, "expiresAfterDays" : { "description" : "Password expires after days.", "example" : 1, "type" : "integer" } }, "required" : [ "expiresAfterDays", "minDigit", "minLen", "minLowercase", "minSpecial", "minUppercase", "rejectUsername", "remember" ], "type" : "object" }, "Validity" : { "description" : "Validity of a token.", "example" : { "valid" : true }, "properties" : { "valid" : { "example" : true, "type" : "boolean" } }, "required" : [ "valid" ], "type" : "object" }, "SetupState" : { "description" : "State of the setup. The passwordPolicy and reservedNames are only included when setup is still required.", "example" : { "passwordPolicy" : { "remember" : 0, "minUppercase" : 1, "expiresAfterDays" : 1, "minLen" : 1, "minDigit" : 1, "minLowercase" : 1, "minSpecial" : 1, "rejectUsername" : true }, "state" : "required", "reservedNames" : [ "root", "root" ] }, "properties" : { "state" : { "description" : "Indicates whether the initial user setup is still required.\n- required: The initial user setup is still required.\n- completed: The initial user setup has already been completed (setup route is deactivated).\n", "enum" : [ "required", "completed" ], "example" : "required", "readOnly" : true, "type" : "string" }, "passwordPolicy" : { "$ref" : "#/components/schemas/PasswordPolicy" }, "reservedNames" : { "description" : "Reserved usernames.", "items" : { "example" : "root", "type" : "string" }, "type" : "array" } }, "required" : [ "state" ], "type" : "object" }, "ForceChpasswd" : { "description" : "Status, if the password should be changed at next login.", "example" : { "forced" : true }, "properties" : { "forced" : { "example" : true, "type" : "boolean" } }, "required" : [ "forced" ], "type" : "object" }, "LoginLockedStatus" : { "description" : "Login locked status of a user.", "example" : { "lockedUntil" : 0, "id" : "1000", "locked" : false }, "properties" : { "id" : { "example" : "1000", "type" : "string" }, "locked" : { "example" : false, "type" : "boolean" }, "lockedUntil" : { "example" : 0, "format" : "int64", "type" : "integer" } }, "required" : [ "id", "locked", "lockedUntil" ], "type" : "object" }, "LoginLockedStatusOfAllUsers" : { "items" : { "$ref" : "#/components/schemas/LoginLockedStatus" }, "type" : "array" }, "LoginBanner" : { "description" : "Content of login banner.", "example" : { "text" : "Hello world" }, "properties" : { "text" : { "example" : "Hello world", "type" : "string" } }, "required" : [ "text" ], "type" : "object" }, "RadiusConfig" : { "description" : "Configurations of radius.", "example" : { "protocol" : "tcp", "port" : "1812", "ip" : "192.168.2.2", "vendorId" : 9, "groupsVSA" : 1, "secret" : "testing123", "authProtocol" : "ms-chapv2", "encryptedPassword" : "encryptedPassword" }, "properties" : { "ip" : { "example" : "192.168.2.2", "type" : "string" }, "port" : { "example" : "1812", "type" : "string" }, "secret" : { "description" : "This is used to set a new radius secret. When trying to set an encrypted secret, use the optional property encryptedPassword and leave this empty. Both properties must not be set at the same time.\n", "example" : "testing123", "type" : "string" }, "protocol" : { "example" : "tcp", "type" : "string" }, "authProtocol" : { "example" : "ms-chapv2", "type" : "string" }, "vendorId" : { "example" : 9, "type" : "integer" }, "groupsVSA" : { "example" : 1, "type" : "integer" }, "encryptedPassword" : { "description" : "Contains the encrypted radius secret, which is generated when getting the radius config with a valid cipherkey as query parameter. Can be used to set the radius secret when updating the radius config with the correct cipherkey as query parameter. Either the encryptedPassword or the cleartext radius secret can be set, both can't be set in the same request.\n", "type" : "string" } }, "required" : [ "authProtocol", "groupsVSA", "ip", "port", "protocol", "secret", "vendorId" ], "type" : "object" }, "LDAPConfig" : { "description" : "Configurations of LDAP.", "example" : { "readOnlyUser" : "readonly", "groupFilter" : "(&(cn=DC-AE*)(objectClass=group))", "groupMembershipAttribute" : "member", "usernameAttribute" : "sAMAccountName", "readOnlyUserPassword" : "topsecret", "tlsConfig" : { "certificate" : "certificate", "skipServerCertificateVerification" : true, "key" : "key", "ca" : "ca" }, "encryptedPassword" : "encryptedPassword", "port" : "389", "serverType" : "ActiveDirectory", "host" : "192.168.1.2", "userFilter" : "(&(department=*ESW2)(objectClass=user))", "baseDN" : "dc=example,dc=com", "useTLS" : true }, "properties" : { "host" : { "example" : "192.168.1.2", "type" : "string" }, "port" : { "example" : "389", "type" : "string" }, "serverType" : { "default" : "ActiveDirectory", "enum" : [ "ActiveDirectory", "OpenLDAP" ], "type" : "string" }, "baseDN" : { "example" : "dc=example,dc=com", "type" : "string" }, "readOnlyUser" : { "description" : "Leave empty for anonymous mode", "example" : "readonly", "type" : "string" }, "readOnlyUserPassword" : { "description" : "This is used to set a new read-only user password. When trying to set an encrypted read-only user password, use the optional property encryptedPassword and leave this empty. Both properties must not be set at the same time.\n", "example" : "topsecret", "type" : "string" }, "userFilter" : { "example" : "(&(department=*ESW2)(objectClass=user))", "type" : "string" }, "groupFilter" : { "example" : "(&(cn=DC-AE*)(objectClass=group))", "type" : "string" }, "usernameAttribute" : { "example" : "sAMAccountName", "type" : "string" }, "groupMembershipAttribute" : { "example" : "member", "type" : "string" }, "useTLS" : { "type" : "boolean" }, "tlsConfig" : { "$ref" : "#/components/schemas/TLSConfig" }, "encryptedPassword" : { "description" : "Contains the encrypted read-only user password, which is generated when getting the LDAP config with a valid cipherkey as query parameter. Can be used to set the read-only user password when updating the ldap config with the correct cipherkey as query parameter. Either the encryptedPassword or the cleartext read-only password can be set, both can't be set in the same request.\n", "type" : "string" } }, "required" : [ "baseDN", "groupFilter", "groupMembershipAttribute", "host", "port", "readOnlyUser", "readOnlyUserPassword", "serverType", "userFilter", "usernameAttribute" ], "type" : "object" }, "RemoteAuthConfig" : { "description" : "Configurations of remote authentication.", "example" : { "service" : "radius", "enabled" : true }, "properties" : { "enabled" : { "type" : "boolean" }, "service" : { "example" : "radius", "type" : "string" } }, "required" : [ "enabled", "service" ], "type" : "object" }, "RemoteAuthService" : { "description" : "Properties of remote authentication service.", "example" : { "chgpwd" : false, "name" : "radius" }, "properties" : { "name" : { "description" : "name of remote authentication service.", "example" : "radius", "type" : "string" }, "chgpwd" : { "description" : "if true, change password is possible.", "example" : false, "type" : "boolean" } }, "required" : [ "chgpwd", "name" ], "type" : "object" }, "RemoteAuthServices" : { "items" : { "$ref" : "#/components/schemas/RemoteAuthService" }, "type" : "array" }, "Problem" : { "description" : "This document defines a \"problem detail\" as a way to carry machine-readable details of errors in a HTTP response to avoid the need to define new error response formats for HTTP APIs.\n", "properties" : { "type" : { "default" : "about:blank", "description" : "A URI reference [RFC3986] that identifies the problem type. \nThis specification encourages that, when dereferenced, \nit provide human-readable documentation for the problem type \n(e.g., using HTML [W3C.REC-html5-20141028]). When this member \nis not present, its value is assumed to be \"about:blank\".\n", "example" : "https://example.com/probs/out-of-credit", "format" : "uri", "type" : "string" }, "title" : { "description" : "A short, human-readable summary of the problem type. \nIt SHOULD NOT change from occurrence to occurrence of the problem, \nexcept for purposes of localization (e.g., using proactive content \nnegotiation; see [RFC7231], Section 3.4).\nIf the response is a diagnostics message, it contains \nthe text associated with the mainDiagnosisCode.\n", "example" : "You do not have enough credit.", "type" : "string" }, "status" : { "description" : "The HTTP status code ([RFC7231], Section 6) generated by the \norigin server for this occurrence of the problem.\n", "example" : 403, "format" : "int32", "type" : "integer" }, "detail" : { "description" : "A human-readable explanation specific to this occurrence of the problem.\nIf the response is a diagnostics message, it contains the text associated with\nthe detailedDiagnosisCode.\n", "example" : "Your current balance is 30, but that costs 50.", "type" : "string" }, "instance" : { "description" : "A URI reference that identifies the specific occurrence of the problem.\nIt may or may not yield further information if dereferenced.\n", "example" : "/account/12345/msgs/abc", "type" : "string" }, "code" : { "deprecated" : true, "description" : "An error code issued by the system that caused the original problem.\nThis code can be used to track down the root cause of the error.\n", "example" : "F360001", "type" : "string" }, "mainDiagnosisCode" : { "description" : "The main diagnosis code is issued by the system that caused the problem.\nThis code can be used to track down the root cause and source of the error.\nIt can be used to search in the documentation for a solution.\nIt SHOULD NOT change from occurrence to occurrence of the same problem.\n", "example" : "080F0100", "type" : "string" }, "detailedDiagnosisCode" : { "description" : "The detailed diagnosis code issued by the system that caused the problem.\nThis code can be used to track down the detailed cause and source of the error.\nIt can be used to search in the documentation for a solution.\nThe detailed diagnosis code gives additional information about the cause of the error.\nIt SHOULD NOT change from occurrence to occurrence of the same problem.\n", "example" : "00666001", "type" : "string" }, "dynamicDescription" : { "description" : "A dynamic description gives detailed information about the occurrence of a problem.\nIt can change between different occurrences of the same error.\n", "example" : "value = -4.5", "type" : "string" }, "severity" : { "description" : " Severity of a problem as defined RFC5424 of the Syslog standard, see https://tools.ietf.org/html/rfc5424", "enum" : [ "Emergency", "Alert", "Critical", "Error", "Warning", "Notice", "Informational", "Debug" ], "example" : "Error", "type" : "string" }, "links" : { "description" : "Collection of links to fix the problem. E.g. links to online user manual,\nto an online community (using tags) or a developer chat (e.g. Slack).\n", "items" : { "example" : "https://stackoverflow.com/questions/tagged/boschrexroth+controlx+f360001", "format" : "uri", "type" : "string" }, "type" : "array" }, "moreInfo" : { "additionalProperties" : true, "description" : "The moreInfo field allows you to add additional information that might be necessary to debug or trace down the cause of an error.\nIt might also contain information what is needed to resolve the problem.\nThere are loosely specified fields for specific problems that can be used in these situations, e.g.:\n- On a 403 Forbidden error: The moreInfo can contain a field \"requiredPermissions\" with the required permissions seperated by comma\n- On a 402 Payment required: The moreInfo can contain a field \"requiredLicenses\" with the required licenses seperated by comma\n", "example" : { "trace" : "ExampleClass.cpp#452 Null pointer exception", "class" : "ExampleClass" }, "type" : "object" }, "cause" : { "description" : "Sometimes a problem might be caused by problems that occure in other components or are the root cause of a problem. In this\ncase the related problems can be added as a cause. Since it might be possible that multiple components have problems on a single\naction, cause is an array. E.g. Loading failed because several components where not able to load the configuration.\n", "items" : { "$ref" : "#/components/schemas/Problem" }, "type" : "array" } }, "required" : [ "title", "type" ], "type" : "object", "x-version" : "1.0.0" }, "UploadAssertion" : { "description" : "To upload system user assertion file.", "properties" : { "file" : { "format" : "binary", "type" : "string" } }, "required" : [ "file" ], "type" : "object" }, "TLSConfig" : { "example" : { "certificate" : "certificate", "skipServerCertificateVerification" : true, "key" : "key", "ca" : "ca" }, "properties" : { "certificate" : { "description" : "File name of the client certificate used for the TLS connection. The certificate needs to be available as own certificate of \"Network Security\" in the certificate manager.", "type" : "string" }, "key" : { "description" : "File name of the private key used for the TLS connection. The key needs to be available as own key of \"Network Security\" in the certificate manager.", "type" : "string" }, "ca" : { "description" : "The name of a file that contains a set of trusted CA certificates used to validate the server certificate for the TLS connection. The certificates need to be available as ca certificates of \"Network Security\" in the certificate manager.", "type" : "string" }, "skipServerCertificateVerification" : { "description" : "If true, skip server certificate verification. If false, the server certificate will be validated against the specified ca stored in the certificate manager as ca certificate of \"Network Security\".", "type" : "boolean" } }, "type" : "object" }, "Role" : { "description" : "A role defines an authorization level on the local system for the OIDC users and groups.", "example" : { "name" : "guest", "id" : "1234567" }, "properties" : { "id" : { "description" : "The \"id\" property represents the identifier of the role.\nIt is a string that uniquely identifies the role within the system and is generated by backend.\nThis field is essential for role identification and is used to link certain OIDC users/groups to permissions on the local system.\n", "example" : "1234567", "readOnly" : true, "type" : "string" }, "name" : { "description" : "The \"name\" property represents the human readable name of the role.\nThe name of a role must adhere to the specified pattern and must be between 1 and 32 characters in length.\n", "example" : "guest", "maxLength" : 32, "minLength" : 1, "pattern" : "^[0-9a-zA-Z@._-]+$", "type" : "string" } }, "required" : [ "id", "name" ], "type" : "object" }, "Roles" : { "items" : { "$ref" : "#/components/schemas/Role" }, "type" : "array" }, "OIDCProvider" : { "description" : "A configured OpenID Connect identity provider used for external authentication via OIDC.\n", "example" : { "roleClaimPath" : "$.resource_access.testclient.roles", "clientId" : "testclient", "issuerUrl" : "https://example.com/realms/ctrlX", "roleClaimSeparator" : ",", "name" : "Keyclock", "callbackUrl" : "https://192.168.1.1/identity-manager/api/v2/auth/oidc/callback", "clientSecret" : "nvp0gIMjCH7cgFeepSTL44dDGbzDSbtG", "id" : "1234", "encryptedPassword" : "encryptedPassword" }, "properties" : { "id" : { "description" : "Unique identifier for the identity provider.", "example" : "1234", "type" : "string" }, "name" : { "description" : "Human-readable name for the identity provider.\n", "example" : "Keyclock", "maxLength" : 32, "minLength" : 1, "type" : "string" }, "issuerUrl" : { "description" : "The issuer URL of the OpenID Connect provider. This is the base URL that uniquely identifies the OIDC provider and is used for discovery (/.well-known/openid-configuration).\n", "example" : "https://example.com/realms/ctrlX", "type" : "string" }, "callbackUrl" : { "description" : "The URL to which the OIDC provider redirects the user's browser after a successful authentication. This URL must match a pre-registered \"redirect_uri\" in your OIDC provider's configuration.\nIf no value is provided, the default callback URL will be \"https://{hostname}/identity-manager/api/v2/auth/oidc/callback\".\n", "example" : "https://192.168.1.1/identity-manager/api/v2/auth/oidc/callback", "type" : "string" }, "clientId" : { "description" : "The client ID registered with the OpenID Connect provider. Used to identify the application during authentication.\n", "example" : "testclient", "type" : "string" }, "clientSecret" : { "description" : "The client secret associated with the client ID. Used for confidential communication with the OIDC provider.\nWhen trying to set an encrypted secret, use the optional property encryptedPassword and leave this empty.\nBoth properties must not be set at the same time.\n", "example" : "nvp0gIMjCH7cgFeepSTL44dDGbzDSbtG", "type" : "string" }, "roleClaimPath" : { "default" : "$.roles", "description" : "JSONPath expression to extract role information from the access token's claims. This is necessary because OIDC providers may represent roles differently.\nExample Access Token Claim Structure:\n```\n {\n \"resource_access\": {\n \"testclient1\": {\n \"roles\": [\"guest\"]\n },\n \"testclient2\": {\n \"roles\": [\"manage-account\",\"manage-apps\"]\n }\n }\n }\n```\nFor the example above, setting roleClaimPath to $.resource_access.testclient1.roles would extract \"guest\".\n", "example" : "$.resource_access.testclient.roles", "type" : "string" }, "roleClaimSeparator" : { "default" : " ", "description" : "This setting is applicable only when role information within the access token claim is provided as a single string containing multiple roles separated by a delimiter. \nThe default delimiter is a single space.\nExample Access Token Claim Structure:\n```\n {\n \"resource_access\": {\n \"testclient1\": {\n \"roles\": \"guest\"\n },\n \"testclient2\": {\n \"roles\": \"manage-account, manage-apps\"\n }\n }\n }\n```\nTo correctly extract \"manage-account\" and \"manage-apps\" from $.resource_access.testclient2.roles in the example above, roleClaimSeparator should be set to \",\".\n", "example" : ",", "type" : "string" }, "encryptedPassword" : { "description" : "Contains the encrypted client secret, which is generated when getting the provider config with a valid cipherkey as query parameter. Can be used to set the client secret when updating the provider config with the correct cipherkey as query parameter. Either the encryptedPassword or the cleartext client secret can be set, both can't be set in the same request.\n", "type" : "string" } }, "required" : [ "callbackUrl", "clientId", "id", "issuerUrl", "name" ], "type" : "object" }, "OIDCProviders" : { "items" : { "$ref" : "#/components/schemas/OIDCProvider" }, "type" : "array" } }, "securitySchemes" : { "BearerAuth" : { "scheme" : "bearer", "type" : "http" }, "UsernamePassword" : { "description" : "Enter username and password", "flows" : { "password" : { "scopes" : { "dummy" : "Dummy scope (scopes not used)" }, "tokenUrl" : "/identity-manager/api/v2/auth/token" } }, "type" : "oauth2" }, "CookieAuth" : { "in" : "cookie", "name" : "CTRLX-OS-SESSION-ID", "type" : "apiKey" } } } }