Get the Identity Server Cluster ID.
Endpoint for cluster details: /api/v1/clusters/ and URL: https://{AC_IP}:{AC_Port}/nps/api/v1/clusters.
Sample Response:
{
"unassigned": [],
"assigned": [
{
"clusterId": "SCCm36ylf",
"clusterName": "IDP-Cluster",
"healthStatus": "PASSED",
"updateStatus": "CURRENT",
"servers": [
{
"deviceId": "idp-3A480C74CC3F0383",
"deviceIp": "10.10.10.10",
"healthStatus": "PASSED",
"updateStatus": "CURRENT",
"alertCount": 0
}
],
"serverType": 6,
"alertCount": 0
}
]
}Use the cluster ID to add a user store with details such as type, replicas, and context.
Endpoint: /api/v1/clusters/{clusterId}/userstores/
{
"nidsDisplayName": "User Store",
"nidsAdminUsername": "cn=admin,o=novell",
"nidsAdminPassword": "novell",
"nidsDirType": "eDirectory",
"nidsLDAPOpTimeout": 15,
"nidsLDAPIdleConnTimeout": 10,
"userStoreReplica": [
{
"nidsDisplayName": "USReplica",
"nidsIPAddress": "10.10.10.10",
"nidsPort": 636,
"nidsDoSSL": true,
"nidsMaxConnections": 20
}
],
"nidsSearchContexts": [
{
"context": "o=novell",
"scope": 1
}
]
}
{
"statusCode": 201,
"statusMessage": "Success",
"successMessage": "User Store with Id US1y4f3k is created successfully.",
"id": "US1y4f3k"
}Validate the user store configuration from GET API.
Endpoint: GET: /api/v1/clusters/{clusterId}/userstores/{userStoreId}
URL: https://{AC_IP}:{AC_Port}/nps/api/v1/clusters/{clusterId}/userstores/US1y4f3k
{
"id": "US1y4f3k",
"nidsDisplayName": "User Store",
"nidsDirType": "eDirectory",
"nidsAdminUsername": "cn=admin,o=novell",
"nidsAdminPassword": "novell",
"nidsSearchContexts": [
{
"context": "o=novell",
"order": null,
"scope": 1
}
],
"nidsLDAPOpTimeout": 15,
"nidsLDAPIdleConnTimeout": 10,
"userStoreReplica": [
{
"id": "USRm5u2cr",
"nidsDisplayName": "USReplica",
"nidsIPAddress": "10.10.10.10",
"nidsPort": 636,
"nidsDoSSL": true,
"nidsMaxConnections": 20
}
]
}Update the Identity Server cluster configuration.
Endpoint: POST: api/v1/servers/action
{
"cmdHandler": "deviceCommand",
"actionCmd": "nidpreconfigure",
"serverMap": {
"clusterId": [
"deviceId"
]
},
"reconfigureType": "all"
}
{
"statusCode": 200,
"statusMessage": "Success"
}Get the Identity Server cluster ID.
Endpoint for cluster details: /api/v1/clusters
URL: https://{AC_IP}:{AC_Port}/nps/api/v1/clusters
{
"unassigned": [],
"assigned": [
{
"clusterId": "SCCm36ylf",
"clusterName": "IDP-Cluster",
"healthStatus": "PASSED",
"updateStatus": "CURRENT",
"servers": [
{
"deviceId": "idp-3A480C74CC3F0383",
"deviceIp": "10.10.10.10",
"healthStatus": "PASSED",
"updateStatus": "CURRENT",
"alertCount": 0
}
],
"serverType": 6,
"alertCount": 0
}
]
}Create an authentication class using a pre-defined class.
Endpoint: POST: /api/v1/clusters/{clusterId}/classes
{
"nidsDisplayName": "Basic Class",
"nidsAuthJavaClassName": "com.novell.nidp.authentication.local.BasicClass",
"nidsAuthTypeID": 0,
"nidsAuthClassProperties": {
"key1": "val1",
"key2": "val2"
}
}
{
"statusCode": 201,
"statusMessage": "Success",
"successMessage": "Class with Id AC8kb6i5 is created successfully.",
"id": "AC8kb6i5"
}Use the authentication class to create a method using the new user store.
Endpoint: POST: /api/v1/clusters/{clusterId}/methods
{
"nidsDisplayName": "Auth Method",
"nidsAuthClassCN": "AC8kb6i5",
"nidsAuthUserStoreCNList": [
"DEFAULT_USER_STORE"
],
"nidsAuthClassProperties": {
"key1": "val1",
"key2": "val2"
},
"nidsUseForIdentity": true,
"nidsOverWriteTempUser": false,
"nidsOverWriteRealUser": false
}
{
"statusCode": 201,
"statusMessage": "Success",
"successMessage": "Method with Id AMn60c8i is created successfully.",
"id": "AMn60c8i"
}Use the authentication method to create an authentication contract.
Endpoint: POST:/api/v1/clusters/{clusterId}/contracts
URL: https://{AC_IP}:{AC_Port}/nps/api/v1/clusters/{clusterId}/contracts
{
"nidsAllowableClassesList": [],
"nidsAuthContractProperties": [
{
"name": "HIDE CARDS WITH EQUAL LEVEL",
"type": "BOOLEAN",
"value": "false"
},
{
"name": "AUTHENTICATE WITH EXPIRED PASSWORD",
"type": "BOOLEAN",
"value": "false"
},
{
"name": "key1",
"type": "OTHER",
"value": "val1"
}
],
"nidsCardText": "BasicUserNamePassText",
"nidsImageReference": "BasicUserNamePass",
"nidsCardID": "BasicUserNamePassID",
"nidsCardPassiveAuth": false,
"nidsCheckTrustLevels": true,
"nidsLoginRedirectURL": "contract/url/redirect",
"nidsPwdExpireURL": "contract/url/expire",
"nidsShowLoginRedirectUI": true,
"nidsShowPWDExpUI": true,
"nidsTrustLevel": 0,
"nidsACRefreshRate": 42,
"nidsACTimeout": 60,
"nidsAuthAllowProxying": false,
"nidsAuthMethodCNList": [
"AMn60c8i",
"ALC6mkru5"
],
"nidsRequestedContext": 1,
"nidsAdvOnLoginDlg": true,
"nidsBaseURL": "contract/url/base",
"nidsDisplayName": "Auth Contract"
}
{
"statusCode": 201,
"statusMessage": "Success",
"successMessage": "Contract with Id ALC401w5q is created successfully.",
"id": "ALC401w5q"
}Validate the configurations from GET API.
Endpoint to GET Class details: GET: /api/v1/clusters/{clusterId}/classes/{classId}
Endpoint to GET Contract details: GET: /api/v1/clusters/{clusterId}/contracts/{authLocalContractId}
Endpoint to GET Method details: GET: /api/v1/clusters/{clusterId}/methods/{authMethodId}
Update the Identity Server cluster configuration.
Endpoint: POST: api/v1/servers/action
{
"cmdHandler": "deviceCommand",
"actionCmd": "nidpreconfigure",
"serverMap": {
"clusterId": [
"deviceId"
]
},
"reconfigureType": "all"
}
{
"statusCode": 200,
"statusMessage": "Success"
}To configure a SAML 2.0 service provider application, perform the following:
Get the Identity Server cluster name
Create a SAML 2.0 service provider application
Attach a signing certificate
Update the IDP server cluster configuration
Get the Identity Server cluster name using the following request:
API Request: GET https://164.99.185.113:2443/nps/api/v1/clusters?servertype={serverType}
{
"unassigned": [],
"assigned": [
{
"clusterId": "SCCrnguoa",
"clusterName": "IDP-Cluster-113",
"healthStatus": "PASSED",
"updateStatus": "UPDATE_ALL",
"servers": [
{
"deviceId": "idp-F0CF664DE77C4EFC",
"deviceIp": "164.99.185.113",
"healthStatus": "PASSED",
"updateStatus": "UPDATE",
"alertCount": 0
}
],
"serverType": 6,
"alertCount": 0
}
]
}Create a SAML 2.0 service provider application by providing the meta data.
API Request: POST https://{AC_IP}:{AC_Port}/nps/api/v1/clusters/{clusterId}/saml2/sp
saml2Config:
{"nidsTrustedProviderMetadata":"https://164.99.185.27:8443/nidp/saml2/metadata","providerType":"General","nidsMetadataImportType":"METADATA_URL","centralMetadataItems":[],"nidsDisplayName":"SP2","nidsEnabled":true}
{
"statusCode": 201,
"statusMessage": "Success",
"successMessage": "Trusted provider created successfully with Id STSPgw6r59."
}Attach a signing certificate using the following request:
API Request: POST https://{AC_IP}:{AC_Port}/nps/api/v1/clusters/{clusterId}/saml2/metadata/certificates
metadataValidationRequest : {"nidsMetadataImportType":"METADATA_URL","nidsTrustedProviderMetadata":"https://164.99.185.27:8443/nidp/saml2/metadata","providerType":"sp","certList":["signing","encryption"]}
signingCert: <Attach the certificate file>
{
"encryption": [
{
"subject": "O=novell, OU=accessManager, CN=test-encryption",
"validity": "Sun Apr 16 10:48:01 IST 2023 - Wed Apr 16 10:48:01 IST 2025",
"issuerDn": "O=SLES15SP3_25_TREE, OU=Organizational CA",
"algorithm": "SHA256withRSA",
"serialNumber": "7b6cda8e6e48b3a4c8e50d47864da6e74505edb8"
}
],
"signing": [
{
"subject": "O=novell, OU=accessManager, CN=test-signing",
"validity": "Sun Apr 16 10:48:00 IST 2023 - Wed Apr 16 10:48:00 IST 2025",
"issuerDn": "O=SLES15SP3_25_TREE, OU=Organizational CA",
"algorithm": "SHA256withRSA",
"serialNumber": "7ba1893d19329391e1f8ecf3064d635098eeffdb"
}
]
}Update the IDP server cluster configuration using the following request:
API Request: PUT https://{AC_IP}:{AC_Port}/nps/api/v1/clusters?servertype=6
servertype:6
{
"unassigned": [],
"assigned": [
{
"clusterId": "SCCjnlrow",
"clusterName": "IDP-Cluster",
"healthStatus": "PASSED",
"updateStatus": "UPDATE_ALL",
"servers": [
{
"deviceId": "idp-FC1418E9062A2E9A",
"deviceIp": "10.71.144.137",
"healthStatus": "PASSED",
"updateStatus": "UPDATE",
"alertCount": 0
}
],
"serverType": 6,
"alertCount": 0
}
]
}To create a SAML 2.0 identity provider application, perform the following:
Get the Identity Server cluster ID
Create a SAML 2.0 identity provider application
Update the IDP cluster configuration
Get the Identity Server cluster ID using the following request:
API Request: GET https://{AC_IP}:{AC_Port}/nps/api/v1/clusters?servertype=6
{
"unassigned": [],
"assigned": [
{
"clusterId": "SCCrnguoa",
"clusterName": "IDP-Cluster-113",
"healthStatus": "PASSED",
"updateStatus": "UPDATE_ALL",
"servers": [
{
"deviceId": "idp-F0CF664DE77C4EFC",
"deviceIp": "164.99.185.113",
"healthStatus": "PASSED",
"updateStatus": "UPDATE",
"alertCount": 0
}
],
"serverType": 6,
"alertCount": 0
}
]
} Create a SAML 2.0 identity provider application by providing the following details:
Access Manager Identity Server Base URL
Assertion consumer service URL
Destination URL
EntityID
Logout response URL
Logout URL
Signing certificate
API request to create SAML2 IDP Application:
POST https://{AC_IP}:{AC_Port}/nps/api/v1/clusters/{clusterId}/saml2/idp
{
"nidsDisplayName": "IDP2_27",
"nidsEnabled": true,
"providerType": "idp",
"nidsMetadataImportType": "METADATA_URL",
"nidsTrustedProviderMetadata": "https://164.99.185.27:8443/nidp/saml2/metadata",
"authCardConfig": {
"nidsCardID": "IDP2_27",
"nidsCardText": "IDP2_27",
"nidsAdvOnLoginDlg": true,
"nidsCardPassiveAuth": false,
"nidsImageReference": "IDPAdministrator",
"authContracts": [
"ALCgip5en"
]
}
}
{
"statusCode": 201,
"statusMessage": "Success",
"successMessage": "Trusted provider created successfully with Id STIDPjlye2i."
}Assigning signing certificate:
API Request: POST https://{AC_IP}:{AC_Port}/nps/api/v1/clusters/{clusterId}/saml2/metadata/certificates
metadataValidationRequest: {"nidsMetadataImportType":"METADATA_URL","nidsTrustedProviderMetadata":"https://164.99.185.27:8443/nidp/saml2/metadata","providerType":"idp","certList":["signing","encryption"]}
signingCert: <Attach sigining certificate file>
{
"encryption": [
{
"subject": "O=novell, OU=accessManager, CN=test-encryption",
"validity": "Sun Apr 16 10:48:01 IST 2023 - Wed Apr 16 10:48:01 IST 2025",
"issuerDn": "O=SLES15SP3_25_TREE, OU=Organizational CA",
"algorithm": "SHA256withRSA",
"serialNumber": "7b6cda8e6e48b3a4c8e50d47864da6e74505edb8"
}
],
"signing": [
{
"subject": "O=novell, OU=accessManager, CN=test-signing",
"validity": "Sun Apr 16 10:48:00 IST 2023 - Wed Apr 16 10:48:00 IST 2025",
"issuerDn": "O=SLES15SP3_25_TREE, OU=Organizational CA",
"algorithm": "SHA256withRSA",
"serialNumber": "7ba1893d19329391e1f8ecf3064d635098eeffdb"
}
]
}GET details of the created IDP:
API Request: GET https://{AC_IP}:{AC_Port}/nps/api/v1/clusters/{clusterId}/saml2/idp/{providerId}
{
"nidsDisplayName": "IDP2_27",
"nidsEnabled": true,
"nidsProviderID": "https://www.idp27.com:8443/nidp/saml2/metadata",
"nidsTrustedProviderMetadata": "<?xml version=\"1.0\" encoding=\"UTF-8\" ?><md:EntityDescriptor xmlns:md=......</md:EntityDescriptor>",
"certificatesInfo": {
"encryption": [
{
"subject": "O=novell, OU=accessManager, CN=test-encryption",
"validity": "Sun Apr 16 10:48:01 IST 2023 - Wed Apr 16 10:48:01 IST 2025",
"issuerDn": "O=SLES15SP3_25_TREE, OU=Organizational CA",
"algorithm": "SHA256withRSA",
"serialNumber": "7b6cda8e6e48b3a4c8e50d47864da6e74505edb8"
}
],
"signing": [
{
"subject": "O=novell, OU=accessManager, CN=test-signing",
"validity": "Sun Apr 16 10:48:00 IST 2023 - Wed Apr 16 10:48:00 IST 2025",
"issuerDn": "O=SLES15SP3_25_TREE, OU=Organizational CA",
"algorithm": "SHA256withRSA",
"serialNumber": "7ba1893d19329391e1f8ecf3064d635098eeffdb"
}
]
},
"trustConfig": {
"nidsSOAPSecurityMethod": 0
},
"attributesConfig": {
"nidsMiscAttributes": []
},
"optionsConfig": {
"nidsAccessSettingsProperties": []
},
"authCardConfig": {
"nidsCardID": "IDP2_27",
"nidsCardText": "IDP2_27",
"nidsAdvOnLoginDlg": true,
"nidsCardPassiveAuth": false,
"nidsImageReference": "IDPAdministrator",
"authContracts": [
"ALCgip5en"
]
},
"authRequestConfig": {
"nidsIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"nidsAdvOnFedMgmtDlg": true,
"nidsCreateFedsAtLogin": true,
"nidsRequestedContext": 0,
"nidsAllowIDPProxyIndirects": -1,
"nidsAuthenRespProtoBinding": "none",
"contractsList": [],
"typesList": []
},
"userIdentificationConfig": {
"nidsIdentificationMethod": 1,
"nidsPromptPwdOnMatch": true,
"stepUpAuth": [],
"postAuth": [],
"nidsAssertionValidity": 300,
"provisioningSettings": {
"nidsRequiredAttributes": [],
"nidsOptionalAttributes": [],
"nidsUserNameCreationOption": 0,
"nidsFirstSegmentLenRule": -1,
"nidsJunction1": 0,
"nidsLastSegmentLenRule": -1,
"nidsPasswordCreationOption": 1
},
"attrMatchingSettings": {
"nidsAuthUserStoreDNList": [],
"nidsAttrMapFailOption": 0
}
}
}Update the IDP cluster configuration using the following request:
API Request: PUT https://{AC_IP}:{AC_Port}/nps/api/v1/clusters?servertype=6
servertype:6
{
"unassigned": [],
"assigned": [
{
"clusterId": "SCCjnlrow",
"clusterName": "IDP-Cluster",
"healthStatus": "WARNING",
"updateStatus": "UPDATE_ALL",
"servers": [
{
"deviceId": "idp-FC1418E9062A2E9A",
"deviceIp": "10.71.144.137",
"healthStatus": "EXECUTING",
"updateStatus": "UPDATE",
"alertCount": 0
}
],
"serverType": 6,
"alertCount": 0
}
]
}Get the Identity Server cluster ID.
Create an OAuth2.0 client application using POST request with cluster ID and necessary request parameters as in the following example:
Example: Create a web client application clientTestApp
POST Endpoint: {AC_URL}/nps/oauth/nam/clients/?clusterId={clusterID}
{
"application_type": "web",
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback",
"https://developers.google.com/oauthplayground"
],
"token_endpoint_auth_method": "client_secret_basic",
"id_token_encrypted_response_alg": "RSA1_5",
"id_token_encrypted_response_enc": "A128CBC-HS256",
"id_token_signed_response_alg": "RS256",
"contacts": [
"ve7jtb@example.org",
"mary@example.org"
],
"grant_types": [
"authorization_code",
"refresh_token"
],
"response_types": [
"code",
"id_token",
"token"
],
"client_name": "clientTestApp",
"jwks_uri": "http://164.99.86.160/anup/client_pubkey.txt",
"alwaysIssueNewRefreshToken": true,
"accessTokenTTL": 1,
"authzCodeTTL": 1,
"refreshTokenTTL": 3,
"token_format": "JWT"
}
{
"developerDn": "admin",
"grant_types": [
"authorization_code",
"refresh_token"
],
"application_type": "web",
"registration_client_uri": "https://10.71.144.148:2443/nps/oauth/nam/clients//e6ece84a-3dcc-4057-a90d-47e1a6cab580",
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback",
"https://developers.google.com/oauthplayground"
],
"token_endpoint_auth_method": "client_secret_basic",
"client_id": "e6ece84a-3dcc-4057-a90d-47e1a6cab580",
"id_token_encrypted_response_alg": "RSA1_5",
"alwaysIssueNewRefreshToken": true,
"refreshTokenTTL": 3,
"Version": "5.0",
"id_token_encrypted_response_enc": "A128CBC-HS256",
"token_format": "JWT",
"client_secret_expires_at": 1701191564385,
"jwks_uri": "http://164.99.86.160/anup/client_pubkey.txt",
"authzCodeTTL": 1,
"accessTokenTTL": 1,
"client_secret": "3_31V1ZfdHM7_FX56N9LlpRGzBKTo_s4t_q3EfFuC5K53tQ3j01adTMwZd4jg2shkELrQFkKUZ8NKGXTgk_gLg",
"client_id_issued_at": 1701105164385,
"client_name": "clientTestApp2",
"contacts": [
"ve7jtb@example.org",
"mary@example.org"
],
"id_token_signed_response_alg": "RS256",
"response_types": [
"code",
"id_token",
"token"
]
}Get the client_id, client_secret detail form the client registration response.
Use the client ID and secret to get a code/token using Oauth2 & OpenID connect flows.
GET Endpoint: {IDP_URL} /nidp/oauth/nam/authz/?response_type=token&client_id={client_id}&redirect_uri={redirect_uri}
https://client.example.org/callback#token_type=bearer&access_token=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwidHlwIjoiSldUIiwiY3R5IjoiSldUIiwiemlwIjoiREVGIiwia2lkIjoiNiJ9._MxihHHgOYcetFQx5QH7nOvNEpKttu2v.Lfp3TZ_4p2__kW0j.UMEpu_FVhR3yH1_AG6emcUuUvvLg2FgUoLKkBKxkDtCW1-cfizMyKBuu0HklM_kISzQs00usYHXTNTfmDaoUZAqA4-mPHfMqr2zbUzif6KaZF5J6vkTtjJDEz8qzHplXHqkP-Ezck6HRKZ1wNmHSaXqn5-dal6Q1Nv7ELUTZrRbeBKB3Ai1KFRnkTYlmGbYPZbjiSmIpcuju-wovxWZGGxuaw2J-yex5jUtonrhQCQ804P-bEu67bqx69OBeYJeasNl5WOZrJ0vgxfTPBmTjE96DIaJC5Z48QhPSv1ihb6KQEx1GBYdfXgaKx7jBCm9QTQmJ5izIaI6Rrfx0y3hCVz3RNT80nAT4s3xV-7nAwMEkfILtRIiWFtU4nxvgG3wTKvSBDPjRrnoHcw3ILg0ChNu2Dk8DQkZi8BZasBuThhucgPlOYC-nm_Oh-6QhV2nqJDPmFVhmBAftZHi39SVVWSU-n1k5cxor3c0T7dbWCC2P5nEBPkKTVWlNXki2R_fklExsbtmI6Jq-HvUfvN3LWtkexrOiOQcsiiFRD8qJbDxC6giUhjsOBUSNVROs-l48Glx1FFeymeoLBPBtkeTKDjxvYOa-frNvGIGbE89_iHPo49BjWrquyWK5SzblEFfOOZbnk36NacVMXEqHrUXvyfxtszCTdfRdFgSetQTS2Rz0jYOhLb6c7ua09ujkGpkyt399iva9wFTMyiJk61XWrf3Jcb-vh6icg7e8TMYj4VdJn6LJLaPufONUxjvPFEfhTqKaC1a_pqRfZFVxLC82cx8lzrswSIzaglN_lSmQWDa8BmZHVzpv1tnJQFdJindQFkuovLIdWUKTFPvldTRCjxaoQwybkvtVmibx_0C5GQLaj9pdPfEPn-BUkLjs_1qbi6NlV1B08Jdu-W9NOyO7FXXatWxoMj-6bbdh4Agb-AcPfEsIaOBFECsNdwmfwjYRIEQXfQGkRzJKialJ66jH8-X0fntpDcLD1OtW9pu_VdhktEZaCjscJRBeBbQ2iIr18SEG6JOLHvCJDTQHBoFEbCgkKrzjnkwvUMs_TWgpYqRWXJFBV2M36pcDnwIw-VUwEKzwrLM1wVxbkv_yEWZyFlcRSmi0Rc0XKmZa0ch9Y_gatxHBEfuZ2n8NTDhmrhQHfJYPUG6HuaH8Msq192K8mzHYvwsixb0UStdmpBmlB4IJru0VcT2vNKashFuvxjcZDsS7uzVia7iYxAes7IcpRiJHPxY-E2csOWqAANKntWPYrFXRk3J4QnGeZg8DnMokuw72DIp6wCzK6N8sIAkbZwMW_EQ605-SmrHm9lT44TwmBqoGphLLw2g8cgtFeAw9OP_C9NrOXcMPl_D0BBfPH6iuEXNygQLXHlyA-Q8nHNc84k_tdrwPWA0AhCmti00R_fyLrFhrQArKfGSfn9YYESnr0q4HF_ncP4xxUAc7uJ8.5QnpRBilWr7s0NVKesxsIA&expires_in=3600
POST Endpoint: {IDP_URL}/nidp/oauth/nam/token
Sample Payload: grant_type=password&client_id={client_id}&client_secret={client_secret}&username={username}&password={password}
{
"access_token":"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwidHlwIjoiSldUIiwiY3R5IjoiSldUIiwiemlwIjoiREVGIiwia2lkIjoiOSJ9.WC_Nu07KuXTQNtgDzzw0tBBhaduXtFsT.qMF4lFCFVCMfFA_F.aSJlJ3esD801DCI78zHKIQK2GPyMmLI_EY_MAoavauZivlP70fhpUslvxSMrSSFEmdXNGziFHGPTvF4D7rgMnA-MzGB1KdUNjVW_gja8zRVGyg1AEDi7zK1dUwhQ4wRm2hHUuh_IueMpzEK6y6jbJwdjyojo7AyIcHKMRWEtiFkTEZE2ppu03VGyg6V219A4oO4OH_YIPcT4r3R-Hi5ONdair41K4uasoWeIgoaYxI48MmBdEkoviD4wh79KLDcAaDMyQVMloqSyy3GWApc5G2p48nNTTeW-6u5A5PFlvyNnE61UagWz4DSGQrggfmIvJMo2JtlnY2DfROEiHtvuuG9yJ7BdQS7FVOe_kO7i7XHX49wkkpJ7z0D32O1pFkencENJzh-uFh5z6gFmpujb5Do8AKfmPar75husiABoRw7yv5a676KY_6XIsLhap9x5k2Je7lnvPFYSIR1J1G-Sf47A3tFKT_3tENYgNfmNhlRV6NKhZqc9R0vMVDHmcRlGJPNHsnqLvULneb81mJVWSpAwfzUUBKAp1X3dqgjS8hNInls0Fgb0MZeSE3pIr7SDcb3M21jySYHHd2epHD7OoyBJPdQ-kqBn10akJ_IJEiT-FnPgtRh5kZDOJtbIPcCgWFUiw1nRqeqd7WI_jteMN4903kfctLECArnAQBtJuh9o6NOzUI7f1kRp9FEniLs0aBzcWMt5KCFvvrRoiR99VbrKx0U1wkGIZXv-Ub3BwUIqu6rl2qLy-b8ah4FrN3aD6CpzuQVOS8AHrZloizgobJlQZ4LBYmqB8WVL8IagiOiM17WhTLi76Yi1pIyQNypkeXkYDQZHTOPWu1r-ElYPApb4zzU-_m04H1w8t3WR9zmg1BtGX1Qq4s8NdrXGzONruIg5Ev1NrDTcOC7uQSPjB4ydTjAsY-PpJpP3BfjRKRjd9Hwb2_HbP5ygMhe3QV4N2znVqpzK6NtUyLA2IqQVrE2Ij_jT2LnysPpOZzxgvGBvrOvN3bdamP-iKtz5Ffe9qpxX844FTYcc9SyYwutOuX8zEtUVtPViz7LKP16Hmtqjl9uZ58rZi_AYNw7P_npa98p62izw0x7S1FBdOLCkDRCO3RR4MutZDg9FKO0OyUrla9uFiH4HCRLcV6Cj8JUzTXE3Vnpz2YtdBmRrRzvgW1mHXhewKDPxVjsar5YHP_9YfaQWFCxOQWqluQQ-gwFSRUyDTlzOazl2PGzOwINYY17EhsYU19ajnKsaTNcn4Cozax--loJHlXe8B5ogoicuZ9ilsVHpRgRHsWhCfaKYADSLGwcxSKzI-SGSLekhuxsHgPWKLlmE9Jkrvgi6W57D-7jDvk2pdlkiez6PC7NxyCLBuQILHyZBtpa9C5pUFM1SNRVNCzPpe-jSHFPjfPyNDCQMFGf7ywWbfUA9PcpyUIGIuENGio7GdDEUmBAlcZL1ZXzI8UjRi55m9o7m-fJOG6ov1o1uVlDxSE4jZDq6zcOh-U0GPmuRK4fNRXPtd_j7CsuKh7GhbAQK5buHd-6oE6B9MWBdPbRx_0npbJogptM.A7ZdJy16QjRViAA1ecXTQw",
"token_type":"bearer",
"expires_in":3599,
"refresh_token":"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwidHlwIjoiSldUIiwiY3R5IjoiSldUIiwiemlwIjoiREVGIiwia2lkIjoiOSJ9.FdqFBHgpQb0Op0SP3IbS_3vIYrFuNjGR.uF9lktSLVLVpceGw.kWrN0Yepscu3Nb_Fti2fFbVpiKITzbNbhOI67i1hgFuyMISFtRQyIYrSNlipps1dTL0GbWdl1i2Verch55KFOloOeD4rN-ZJO7DIeWbAwc9pdjFQfNtXlINsQ8AOyspdlls3BJRaI0bBRh4f2w96uKN66_2N7f321SpJWbJaA6y_5TWKuez20lKCPCTVAdjE31Au9-OPc8NxxOdVHaNI5EgvWVUkusbZmaM9L5Lb7orTyGkyMSCt-7QrqG9rFBdVJxrphTV72B1Bqj45dKPXRbixtQxw_YNHX46rS8DMX4kd6cC4-9220UjUrZfdyCHfMdKO614Cmfb7wGhznq21E6SSWvaVzX0leeffmvXnWnvw5Bn_93jPWB9Cdmz7kk1GxVrznCqkco1N7qSmjZJjdW7y4EhaR2capMVMNRoEd6dJPNuvGjqaTDD46HbldvLV75EQPRTTWGaVtAAlZgOr1MMzMMOfUTPhNWtj20QPIIpk-r-xXinvY0GTBC37jw0kBT9c9jjNaBYGxpG1tecmeT7bKLb2_q_1zfwnB58Sg6WMzcZ6GQOToVviZKVWMWc6rei90e3VAYltbHsPT4wVpyWTIUBB3HqyXFrRrK82qZtyvQw8SdxViuuOBFJe_CaWDNfSulvh2AByJJXbaAEerL2YmR0aeM1Fxa1RtgUTcKDcGJO_P5H6fp_vIHNLL5q34yJxVSYlZK0ivKsT3jtxLub_gH3mohNGgajUpV4Xivnc-hcNySq2ZywKCv4EHoAci-uGfALJPwKVumiVKy3s4m49cXhGgE6mC0-i82Ou2eqSwlNuhroKxIZgj5F_yJB6cZgVMJ94lEC411pum_EsQWFmBumyZD9QFDbQ62t6g9NhS2FEfrHlSvJuLKCz40MCAEvfDehnTLDc1DFI98iginGZMRN3iegEIViR8tvxLZWRodSSi9HmXLh1JAOnFPyOXrWeB1FZ7Gbq0DIWSyQ3inT15TU18kb2Yer4q2NnFiDgF4sUB9YIZ7q1GmMvy07BIiey4RfbIbSRJepogHrkaTeQ0f_Pv1PKEJhXNKVrWW0A0lsFl39l4VQ2DR-zRpryU37pRnOZzvR4M55mkxQwbrjUD2MXBqTCxUD5P3GpEHZNfUodpSwZuuq404JDb6QoU6sySL5wLGPDV0BTaFF8dNaAkWGD2-nJ-fXmkMli2jKGC-trXEn9c8KiYLG1YK3hMGFJThuM9QXTpxPzoBNmC6Kjy7NqqeI16tBNloQ6Woa0rE6kZzB5AR9qOES3D9UOWeJd20nzDrEWhzvaO0qS59veSLbY9QS698PaA2gHiGMMGJZWXVMgqog9M91bdzCXPr67VyjN4foquoJ5jJa1Ti4smWcUSazWMauYhb-8CUYhqnrpZ9hxYGSvfWALypN2VSPd7tLtBUzHDB3jEBDXPTWWZIf1tldE_rlkILbBlWOlCXvl_473Xhwor-JS4v1_Y0BKBUmnWKGcJV5HZTGMws2ruvRXFxu98O8WBWeRNNUu4Ekp_kppiWMeBgPTLhsI5V8VDzbSamLEgxl65QNh_F19wMml6K9wIxctL3zCm1ofbqg4AUv23bxJwN9ux-7kQ9zwIxI0Ddgs7TqV53k3hT0pGNfQEYfQgOAcco0GGeI.rrGm5StsfyRuCYgTlW-mBQ"
}
POST Endpoint: {IDP_URL}/nidp/oauth/nam/token
Sample Payload: grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}
"access_token":"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwidHlwIjoiSldUIiwiY3R5IjoiSldUIiwiemlwIjoiREVGIiwia2lkIjoiMCJ9.qNEMNwhocd3sl5TQ96BZ0telQ_pNVdn9.fCM5OQ2ZmX2FBHNF.jBgODw3RZ1bvdbpeR03PEMDfY8u0uPD5sx15gFVHwlCNjFrsNov6QBM609Sls6HwuamLCZOUEzVqHBeEZatAQE_pWHW6Vc14d2YAmuPR_uDu6KZgG-Df4VArVHDwynpG1KuMR4mejk87If-Le_lqbk_ufSR9p4N1g6s0QpEM2mbnJL0NbH0MH1i8oqtOOnjDxaA1gNgHS1qXjPWhmFWPpDPULdDzZBkWtMXGrSfPZT8MvvuPUAhFbfpgB6L-Q8lgZ3an0-R46mANfwObB9gXKbWjMBcyxSjSC-z8UtL9CcyWOyV7X2ScUTaCRmsa6aEOwAp32nIr3bpbKWhy7f51HwxN8zDgSq4cEtKkWL8SH4wq5icIIsWyb-yNi0v6J4MD1SFaEFruNPXmcSI-rGL-of9wscFBzGugP2TdVvim53xFQ8Eo7-HX_jbdMZW3GEEPEdcLf4gLmD0P5UAWDa05m0WHskpat-_CnFMGaEaaUloUQmQQM2mpfsM1Rgz-Glb6UeDiYK8YKAoWGkcq-PJMEUX-uGQchR60O86QHjZWwAJuD8HavEEtJCKSpj5CV3SFLct6MnchrWWln1iKhXtaplTV-LNJ-5GS0-wzvcgqRL3krgZygDbvlrQzNWy9wLiqWZJq69mrqRdlbWiaRyTfyLPUr3tpTU-locCYTzKrsrwhrbfXO72fyGvbGwIEaN0k8ibtNpL1AKSZs690GItd1dthcSdMqo9PC1OzqQ5q__ClLH7D-re_w676lE07_roU3TvPIhKTRNuqJfrzCCSTKirqGLcMWGgUqxIPZDiwo6s6dWwqh5yhvmI_YyhWTaZWVAomKrAYi_PJVoPCTobliIulKLcD-XmDxwkAx8E0amxc87bSXUwSuvdp7HP067opTtGIHaIaAZAdTLpW4Lnxip_zzma0bXclPPQx19j5CLShe3LhzdowIsvHVOqyH6Bz31eODQOZYnrjnCp264WixH68DZw4TzaS7oXGiM1v8Et3veXz2ony_6AyFUNQry4a40KVLtOKxxTCvq5-6PPb562NkBjAT_d8pM5wC1G8KCtk3bkPARdB59bchAAxARkW3i1itA.gYIsLVaObJx_yf0-NOXtoQ",
"token_type":"bearer",
"expires_in":3599
}
GET Endpoint: {IDP_URL}/nidp/oauth/nam/authz?response_type=code&&client_id={client_id}&client_secret={client_secret}&redirect_uri={redirect_uri}
{
"access_token":"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwidHlwIjoiSldUIiwiY3R5IjoiSldUIiwiemlwIjoiREVGIiwia2lkIjoiMCJ9.qNEMNwhocd3sl5TQ96BZ0telQ_pNVdn9.fCM5OQ2ZmX2FBHNF.jBgODw3RZ1bvdbpeR03PEMDfY8u0uPD5sx15gFVHwlCNjFrsNov6QBM609Sls6HwuamLCZOUEzVqHBeEZatAQE_pWHW6Vc14d2YAmuPR_uDu6KZgG-Df4VArVHDwynpG1KuMR4mejk87If-Le_lqbk_ufSR9p4N1g6s0QpEM2mbnJL0NbH0MH1i8oqtOOnjDxaA1gNgHS1qXjPWhmFWPpDPULdDzZBkWtMXGrSfPZT8MvvuPUAhFbfpgB6L-Q8lgZ3an0-R46mANfwObB9gXKbWjMBcyxSjSC-z8UtL9CcyWOyV7X2ScUTaCRmsa6aEOwAp32nIr3bpbKWhy7f51HwxN8zDgSq4cEtKkWL8SH4wq5icIIsWyb-yNi0v6J4MD1SFaEFruNPXmcSI-rGL-of9wscFBzGugP2TdVvim53xFQ8Eo7-HX_jbdMZW3GEEPEdcLf4gLmD0P5UAWDa05m0WHskpat-_CnFMGaEaaUloUQmQQM2mpfsM1Rgz-Glb6UeDiYK8YKAoWGkcq-PJMEUX-uGQchR60O86QHjZWwAJuD8HavEEtJCKSpj5CV3SFLct6MnchrWWln1iKhXtaplTV-LNJ-5GS0-wzvcgqRL3krgZygDbvlrQzNWy9wLiqWZJq69mrqRdlbWiaRyTfyLPUr3tpTU-locCYTzKrsrwhrbfXO72fyGvbGwIEaN0k8ibtNpL1AKSZs690GItd1dthcSdMqo9PC1OzqQ5q__ClLH7D-re_w676lE07_roU3TvPIhKTRNuqJfrzCCSTKirqGLcMWGgUqxIPZDiwo6s6dWwqh5yhvmI_YyhWTaZWVAomKrAYi_PJVoPCTobliIulKLcD-XmDxwkAx8E0amxc87bSXUwSuvdp7HP067opTtGIHaIaAZAdTLpW4Lnxip_zzma0bXclPPQx19j5CLShe3LhzdowIsvHVOqyH6Bz31eODQOZYnrjnCp264WixH68DZw4TzaS7oXGiM1v8Et3veXz2ony_6AyFUNQry4a40KVLtOKxxTCvq5-6PPb562NkBjAT_d8pM5wC1G8KCtk3bkPARdB59bchAAxARkW3i1itA.gYIsLVaObJx_yf0-NOXtoQ",
"token_type":"bearer",
"expires_in":3599
}
Sample Token Request: To get the token, pass the code received in the above request to the token endpoint:
POST Endpoint: {IDP_URL}/nidp/oauth/nam/token
Sample Payload: grant_type=authorization_code&redirect_uri={redirect_uri}&client_id={client_id}&client_secret={client_secret}&code={code}
{ "access_token":"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwidHlwIjoiSldUIiwiY3R5IjoiSldUIiwiemlwIjoiREVGIiwia2lkIjoiMyJ9.9xXqTFlrbot6jIUllnsUgpJw12qGB35j.OsHMy9LEkCFOEEmN.BoZjaA8fqnDUqdE84N63Cm9P0Zuln55-bU6liBMBc8qm2n7p7sFIMZfbNSisrwopsshMhul0TzOOU_ESfqA2FMIR8Lhy1DP6cTOmYq8dL0Tr1NPmEisyTCnWcT5pPzeMBzCVKMjbkuRu2LfOoCelWT-qCdKQBXcRyoWVldWMgNepZGdGeNs3dfeYLW2XnBfICyHleNsviFCSTKI-G2o3iCPRoj4gdyzOFuzZ3IX-SWDtVHrLfzYF9zMXbb7AP3Y0Nj0FT0UTV1KeIji-WNdl_VXgqyH6AtLIH-amU_RDK3xNLnDCrvt5OnrHF297gP8RO0p1pHS2_19Zp-srWCc2CTKduIAFaXgtVc0CWM1hRF4xb6UPx4DBmpzqFH6Enczs_rtTIL9-7kOlcVgMZdtxViRuVPnfoHiwy8NZvj3Tk7OIGq-6fTIjKTn3oQgBbfeZfIOFBO1ns5IhtqEMBHfG6tOkP0yXQWR7QYiD7YtRKLgdkUk3qB8n3g6HBcXLJ2rDn_i3Wipce9iNn5KpxzYwLj__-CrPuTwJB1tTTgymEiwcrfhBOwZi1XgwmqtgEjC8JmXtTZ2zxC8oDPfWuUCJ3KIVew_giXgkHVfr37QxeFhCTmc7rRyTX5rzSthz4MLUY_Xi0hOgurO4zO2xY0ySv1pdZU6JHXhYvxIh8Bn7o5XOl6FZToqKw_n4lZLuThL3d4uPHBfizuWy3GVbMzPNkmhYN28HWbTbB4Pw14uLHJ2z7FKXVc92qqpJF5OkpqdDYr53SxoGKZmRsRmouC0rbg_lxvy3oVPDxW3V2-KMHN4Hd9_P2Gof23iiYIHHPAmMOJayh2C0bu-oT-0G3rBj4MRA2ul6NjUdzTlFQEX4-5jSKyl-PNjG1N8epDe_qiwJKH7t8REG3Ta6RfcjWrwGluD2gufFoeFcyGhfWPf5hPt_WrlDH1loJr_r_0fg1CgctfMBO7qumWsyHIOR2t1rHs7x8DHwLEyBh2NY_jMlJzQEd47Dq2om7L4A-mscNO-h9BqDk0S9W3wRiDc8NCCXUrAg-651SU_lzz7qRwjc7tiyM4I3cwGzbWE7-DR3OexCv33rCGPDslLNvwG8XElhgbn8YBB6PC2-Bxw_-lPB7IaS0yfVHmMhn8HLy0p0-BqlQvrrA5fqpYQku7MX9aS1xbb4kP8nOd2m66IFrgrrLkvWyheDiv0KcxQe5SskS_VHHDrs9MsJJWt0lAwjdQvpx3se8hDD1DlhuQB7bNG7-3JYVgwoSnJfrBakKtvMpopdaM1ovj4O7GXpFsDg2uJaNnuM8YAW1KFFjfxEMLdrB_XcEakPVsaPS1GNsfNJc4wpbbpAUz1woGOazgvecFCmKt_sF9rO0rVxC8fYK24Pu8N5gwQN9PKzXkODuWyJO-Z02YACRZZSQFpU7Q8L5TL42MFOiDoCa4Lbigv6pE2mfVZmf-SfHD6DnHg6wEtI-yUHp0EPjU0m7TBJ9P0QFyohSJUL_v-DKnUEFPxGOQyfqQ1Qo-7JTFf9Tytxg-oaocfMNRDEB_vdEnAT6XPihVu4feWwVc_QSWrFqMdu1Fpgy1G4nD5mPsBtaT5h4NseXOCEbu6voOzauRoQUkm-gyrQPz9sCWz5uPlx1sQA9O2Di1RyM2gvyw.XLC367r0c-WOS68trSo9bA",
"token_type":"bearer",
"expires_in":3599,
"refresh_token":"eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwidHlwIjoiSldUIiwiY3R5IjoiSldUIiwiemlwIjoiREVGIiwia2lkIjoiMyJ9.KHpzgehFwMDfTR2932Hb6vIfj-PwpnHs.rfghnqrAUo6alDB0.PAEsu-TmENOUiU-B8b3gQ9EtvyXpMV9JcT4VX_J6udVcISeEtnmi0nMc2vudVE7reQz8ZbzCOUK1_4cV_nO4GY-IBGa4NwK69v6oeCpw5ciI3t9RsAfsh-EnildLEo_n7vgSz0a6wZIDRPBZuSVUzolIfADG9oM0VksHQ-XuDF9KgWpg3iMWZdxlD3aUGj9h7FRQ0x3hL7q8Ru-74ocnGxgz1R0m2ON3acUTvU9zOcZObXDhmMCYnq56KFHf49Ci7HN0T6du3Na1aa5dd_nFmaBIc_DFhQ2Fzu6iqm4X8EG1HuBp5uDLsm5zmlCIHatxY0FD6uoV4OQeWRAFa1SIu7oRZqQdXkaV9hnMuFoQwndIT77-qkNgfX8MPWxtvhz_yYNQDgh82-3oWTOCA9XUaib6xaXtmEWCRJ1mrCytxxI_V1iQmwX_JPxWbAu7dbGapdR0Ikka7t2c6J1XUmeFS44lZqYcEROVGI9J18cS4eegXJwBcuJZQEf9kI144lROERj2bPhsw0K5AUYMuZ6D3ROVOZAhwfdda1gQeidPn5urkugxlMzp4AVWDRPNqLcNFqcqZ9WHAaJbxDlLY9NMMEHeqohLZBu9osZun7ihtRL6cD_LcEo1W1ChT9TTOElosFP9PkFDDmSLYI-7IRWccuJMB-sJIvg4lACqiIeNw9Bvl5rEbqEYCn3BaEFpbAXAvKOldrf6DDlgD9XNzdiyvz4WLMu_6Z53hmqQxtok5tbY88XCZdRaep8Xhe5qhLBVEkA_skTJqy2_3yweqigxELmcPXEW-Bp7Mjv5Id3D49E14G051gkLxK0FXn0Dx0IFxZpSsl9A1S9v2mv36Gdv_vA8lS_GbPvzCKl5b5ktESuhWcJwkGFtwDFhIU3xtcBkwqK6p05BehJrF_abBwWVnmm5D-rp6YIJTDG-NDD57rTQAMf1XFUHHswNh2977QDLBg6-VoCKLHM1p_AGujcocQl6tqDBGELEI3TSzmt5bEmwFkhqEqRTe1CMiLjWTqZjll5am0DmqGgNZgOBHiubAgU6FjfYtQiQ1DBZ-ca1003hn_q2vofw10-d9nbCJtpTN1nWUA-opmQ34DalJg7Gpaa2-XDYW8M-YJnbLOFq6ip_VrM9pI1UFL6x9mKHu2mRYXM395HmuH6-w0owmb40YQ6-CygLCLAGb3FEUc02SP7Qu-ty92b6BOrEXVgKXo8NbJmsr2N70KuJYnoRyofDUygQEimpFL9_tQmvjMR70BHbSSZOy8dP-xmh_H9TEGf_lNoW4-VKv3onCfjW15Q_JdgUjwcLs82TRd0N_pP6KlH51dIK0kr8r75tD_fd7aflHLKJ0Z8Eha7q4xyhHyy2Qqwid7s5ip6bQC6OSJ31wLo5sPXQZ7VvrNjFbHu3ZkrdKYbKwDTMkr-G0B9dZpHZnDhtAMLQVyToG8Qs-B1lt2FpGIBXK7IER65cBKgLQ0c12FNizA3Cri6ZtMK9U_DPOyV691x-NFaQAatPLRWtn1tz9HY0yZ7afxUzV9Ii3ngVlFx3Z5Eq2N7ylPXTTy-Lo3OQ8hucnShej33o8_XqIdmg_CJUHXhLeWMtwDvJn79OnZB45s-ec7E7xIrlPJxDOS_CsKIPiaYLg1yCqYgTzQ.hk9PpPv9kPkTV54iIA2dIg"
}
GET Endpoint: {IDP_URL}=?response_type=code+token+id_token&client_id={client_id}&client_secret={client_secret}&redirect_uri=https://client.example.org/callback&scope=openid&nonce=test
https://client.example.org/callback#code=/wEBAAICACAg58k/QnhCtPxyUNLXxX3Q5rUbVOsJYXbNTQ3IRWwzibIsVaZuccKTc/3nszv8tGQe57fEdO54ZeOUjwD1h1PQi84ZV1yP803a4TCKlGEyHit0hZVdTBfEmbmg0NR4zrz15B4p7XKAuRc4CHTmHlFfe4ykcBnUfK7knecGSFhZiP3QuweqM9BO11YFXrj6c@pvIzkhJiLG7dXSHVfktRGk8JH8Tr35h3JsYE0hIuUj8KCyI5/LjhMkWiXonqchblUL42iyzuGCe6YVxEZLdflmhdfJ@js3sMOhpXgjMixR9RKEfiz@IsfaDl5IoRP6Q@3zqcUfx3BoJdDU/Iv6mnPzXon5ugJfNbj/GgZHWd99Rn9O50d2Zl5EZL78/3Tqb1WVqB9SPr1xrHL2GAR9Dh0n0hzeoW@/Knc9yedWNti4xtfeSntheVdsJ7qn08RIGdzVg@TXn3VJG9cxje7TfhNJIBdMCBddPUJ7xl1FcKj9xPecioYymdsunOFVizCjPs8~&token_type=bearer&access_token=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4R0NNIiwidHlwIjoiSldUIiwiY3R5IjoiSldUIiwiemlwIjoiREVGIiwia2lkIjoiMyJ9.LCQJICOW6_cW8x6QyjvB3x6NfInEIvQk.KWuHYNRQ_DmjpRNC.KecT-1ZKhqYbkcaPd1TAP3aBLVNK2TPOD65N442W_kgfuLCikq8eib3Ch9hu1_jR9tCXVb5iFQXTfrB8GabcwXWyr-pedtEuXwh0LzIctlJprrDjS4_pqU13li4XWbTveEXQ9pdfyPKyiBcj5AC3SDMnwJflalvL1pzFxHcPDmEDXFeAkPgErUHA2vH9-MrLgu45UatgIv5gKGwcd6ra7sl6q2mAH-jQR5tPZNxrq4nH4lrNulNK0axHTSAFr9MTu9uiHRiC4_HzMcYRgJG3TqKHbpmuxT3efnPpZ9FKoYqMpfGIVR_l2ObyczJ_kD6CdGhT5TANqrg3y0CDfbj-2LFtrmly0nSP-GZrOXQ0ccNZ6icBwjH4J9R5Uh_cfcF95MKJdJUGzHfMneSKzWSg9Vhb62ys04kZoRDGrLgAYHcypHUqJxJylUlTskuSMrYs13yaZNAxuCMLC7xq1mEIDld3EZv_YjPtgpM8m032uKPt05MWLtTidfiCaduMRjQrPLtZx8u2S2bpYm2zX7H96qWWc3yNJ8bfAun1aFtF1nMDpKAMpL8Xty6QIClCp-uKwWMEcG-RtV6rrO8Kk3mdtcX7VkZhHyN4PFB9EuBHtuQt6mtgUkA9tT8v6cZDP3U10B54CjiqcytvdrTc5kWom4EIPjcWB5lVMuyluC6DnK1tmMYVMPKjf3hGeuwLtHEtOI6YEmcYCFmxF_B1VRybL9ieK5VMODsFt82J_dgKGqsjcJCf7O5CmXeFwnClNfIBCTuF3LW_FAHWvUXv-F-vjR_NMOap-gaNkIzupjrGmoGxvYqzfOsS5oQ5jPHoL-X6oYHc0L6cFMSiLWK6VFMbxmNBstItuz1useEZglLwhqF5QYA300ucbWP7qw5z9U9T0wUMZhrcCJ0e_w8wQmhPcqVbFmsBw41vteGa1Syc7JJTGWIQSSrqkPlkZ_9BsPjWhFYiyUMLuFm8EagsVwCkOwDruw-Af1gJLO7Gp86NanopvOfOTGCDYR3VyTXlTy-YRdfKX0BhR7qaquEYUhSJSzVW9gYfMm2UDRgxzHokqNTMFELvhOCequHCi6K_vYH81p4B_r7_cntE4H7_ZigMoYeycPv-7pKL9sWZgcRXnzyQsciwwxPg6inFNYMsg4NDFCM5jFlsvvoqaAPxq3LF9Wqg7KFIdeBopPZRuMCL1Afpg-N9uOOATMzFPUL1VotY1XANV1Pl-MPZ21sSKRuA1gLs8iQY2bnGXr-mIAuOmF73CMhlYV6vykNolY3-CwsGItHF0eKYMuWv0xE7HBLmVOny5auJ1TGJu893iplufedhtgfhTYxIioa2IaHJOugr2OLQUe_sRp8SZS1QYQvyzA7zDhTWPVuswOH_C4NLM_ZZsd78POXik0PqzwVAlTJOuJZPwVkDnzBqmZUWu5yuvHZqBqhTbyVPXAq49M__.18Ykasr5eP9jqoOFPVA5JQ&expires_in=3600&id_token=eyJraWQiOiI0OTc1MDgyNDc4NDQ2NjY1MTA3MzM1Mzc5MzU1Mzc4ODMxNjE3ODQzNDkzNTI4NzgiLCJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwczovL2lkcC05MC05LmNvbTo4NDQzL25pZHAvb2F1dGgvbmFtIiwic3ViIjoiOGEyNzA4NTk5ODQ4NjA0ZWJkZWU4YTI3MDg1OTk4NDgiLCJhdWQiOiIzYmQxZTgyYi0xNTBkLTQyZDktYmY0OC0zM2M4NDY0YWQwYjAiLCJleHAiOjE3MDExMTQ3NjksImlhdCI6MTcwMTExMTE2OSwibm9uY2UiOiJ0ZXN0IiwiYWNyIjoibmFtZS9wYXNzd29yZC91cmkifQ.
This API returns the health of Access Manager devices such as Identity Servers and Access Gateways. The API returns the health for the following levels:
Entire Access Manager
Each cluster
Each device
Each service and component (remote web servers, data stores, and so forth)
You can use this API for integration with external systems, such as NOC, to view the status of Access Manager devices and the remote web servers.
Invoke the URL https://192.168.0.0:8443/amsvc/v1/health?expand=4. The 'expand' parameter specifies the level of detail to be returned with accepted values 1,2,3 and 4, where, 4 represents the maximum level of details for all the devices.
<amService xmlns="urn:novell:schema:am:service"> <health status="noReport" uri="https://192.168.0.0:8443/amsvc/v1/health"> <idpClusterHealthList status="Green" total="1"> <clusterHealth status="Green" uri="https://192.168.0.0:8443/amsvc/v1/idpclusters/SCC7c9nsp/health"> <instanceID>SCC7c9nsp</instanceID> <displayName>IDPCluster</displayName> <deviceHealthList total="1"> <deviceHealth status="Green" uri="https://192.168.0.0:8443/amsvc/v1/idpclusters/SCC7c9nsp/devices/idp-CC1B3FFB0BC40AD8/health"> <instanceID>idp-CC1B3FFB0BC40AD8</instanceID> <displayName>192.168.0.6</displayName> <serviceHealthList total="5"> <serviceHealth status="Passed"> <serviceName>Config Datastore</serviceName> <message>Operating properly</message> </serviceHealth>
NOTE:This API on invoking returns the latest health information saved in the Administration Console, which gets refreshed every five minutes.
This API returns the statistics for all Identity Servers and Access Gateways in Access Manager.
Send a GET request to the URL which is in the format: https://192.168.0.0:8443/amsvc/v1/statistics.
<amService xmlns="urn:novell:schema:am:service"> <response code="SUCCESS"/> <statistics uri="https://192.168.0.0:8443/amsvc/v1/statistics"> <idpClusterStatisticsList total="1"> <clusterStatistics uri="https:// 192.168.0.0:8443/amsvc/v1/idpclusters/SCC7c9nsp/statistics"> <instanceID>SCC7c9nsp</instanceID> <displayName>IDPCluster</displayName> <deviceStatistics uri="https:// 192.168.0.0:8443/amsvc/v1/idpclusters/SCC7c9nsp/devices/idp-CC1B3FFB0BC40AD8/statistics"> <instanceID>idp-CC1B3FFB0BC40AD8</instanceID> <displayName>192.168.0.6</displayName> <statisticList total="90"> <statistic displayName="Cached Sessions">100</statistic> <statistic displayName="Historical Maximum Logins Served">890</statistic> ...
NOTE:This API on invoking returns the latest statistics information saved in the Administration Console, which gets refreshed every 10 minutes.
You can use Scaling the Device APIs to scale up or scale down Access Gateway and Identity Servers. These APIs can only assign or delete a node in an existing cluster.
To configure the Scaling the Device APIs, perform the following:
To scale down from a cluster, perform the following steps:
Delete a node from an existing Identity Server cluster. Send a DELETE request to the following URL with the cluster ID and the device ID.
NOTE:You can not delete the primary Identity Server nodes; only the secondary nodes in a cluster can be deleted.
DELETE Request:
https://<ac ip/host>:<port>/nps/api/v1/servers?serverIds=<serverId>
In the above DELETE request:
Server ID: The Server ID of the Identity Server node that is to be deleted.
200 OK
To delete a node that is not part of a cluster, send a DELETE request to the following URL with the device ID for which the Identity Server node that is to be deleted:
POST Request: https://<AC_IP:PORT>/amsvc/v1/idpclusters/<clusterID>/devices/<deviceID>