Reserved Attributes
"id" is a reserved attribute referring to the internal id of an object.
Intrinsic Attributes
Each object has a set of intrinsic attributes that are predefined by the system.
User Defined Attributes
Every object may contain a set of user defined attributes.
Attribute Name should NOT contain whitespace, dash and special characters, but may contain underscore. Attribute Name is case sensitive.
Attribute can be a basic data type, an object or a collection. An attribute can be referenced in the format of "objectName.attributeName". Following are some examples:
- user.id user's ID
- user.domain.id user's domain ID
- role.scopes.domain.id an array of role's domain ID
- policy.options an array of policy options
Attribute Properties
Property | Type | values | default | mandate |
name | string | true | ||
description | string | |||
type | string | STRING | STRING | |
tags | string | |||
external | boolean | true | ||
multiple | boolean | false | ||
readOnly | boolean | false | ||
required | boolean | true | ||
encrypted | boolean | false | ||
searchable | boolean | true | ||
system | boolean | false | ||
mapsTo | string | |||
defaultValue | string | |||
immutable | boolean | false | ||
intrinsic | boolean | |||
label | string | |||
comment | string |
Available attribute types:
STRING, TEXT, BINARY, BOOLEAN, INTEGER, LONG, DOUBLE, FLOAT, DATE, ENUM, PASSWORD, EMAIL, TELEPHONE, URL, OBJECT, COLLECTION
Notes:
- An attribute must belong to an object. Therefore, every Attribute API must specify the Object's Name.
- Intrinsic attributes cannot be deleted.
/attribute/create
To create an attribute. On success, the method returns the internal id of the newly created attribute .
Example: to create an Identity Attribute (aka, User Attribute)
Parameters:
{
"objectName":"user"
"attrs":
{
"identitySource.id":the id of the owner Identity Source,
"name":attribute name,
"type":data type of the attribute
"external":true/false
…
"mapsTo":mapping nameif external
"defaultValue":default value if internal
}
}
Response: {"error":0,"result":{"id":2}}
/attribute/delete
To delete an identity attribute. On success, the method returns error 0 with no result.
Example: to delete an identity attribute.
Parameters:
{
"objectName":"user",
"id":the id of the attribute to be deleted
}
Response:
{
"error":0,
}
/attribute/set
To change an identity attribute's properties. On success, the method returns error 0 with no result.
Example: to set an identity attribute's properties.
Parameters:
{
"objectName":"user",
"id":the id of the attribute to be deleted
"attrs":
{
"name":to change the name
"type":data type of the attribute
"external":true/false
…
"mapsTo":mapping name if external
"defaultValue":default value if internal
}
}
Response:
{
"error":0,
}
/attribute/get
To retrieve an attribute's properties. On success, the method returns the set of properties
Example: to retrieve an identity attribute's properties.
Parameters:
{
"match":
{
["objectName","=", "user"],
["identitySource.id", "=","Identity Source id"],
["name", "=","the name of the attribute to be retrieved"]
},
"return":["*"],
}
Response:
{
"error":0,
"result":
{
"name":attribute name
"type":data type of the attribute
"external":true/false
…
"mapsTo":mapping nameif external
"defaultValue":default value if internal
}
}
/attribute/search
To retrieve a list of attributes of a specified object.
Example: to retrieve a list of identity attributes.
Parameters:
{
"match":
{
["objectName","=", "user"],
["identitySource.id", "=","Identity Source id"]
},
"return":["name", "type"],
"sort":"name",
"order":"asc",
}
Response:
{
"error":0,
"result":
[
{
"name":attribute name
"type":data type of the attribute
},
{
"name":attribute name
"type":data type of the attribute
}
]
}