Rakshak RESTful API

Pradeeban Kathiravelu edited this page Aug 24, 2018 · 1 revision

Rakshak provides a RESTful API for retrieving and managing group membership, in addition to APIs for authenticating users. These APIs are summarized below:

Ping

Check whether Rakshak is running

HTTP GET http://localhost:1111/securityTokenService/ping

If Rakshak is up and running, it should return the following message:

I am alive

IssueToken

Authenticate user and issue a SAML token

HTTP GET http://localhost:1111/securityTokenService/<<identity-service-name>>/issueToken

The user's username and password must be provided in the HTTP Authorization header.

If successful, the server responds with a SAML token.

ValidateToken

Validate a SAML token

HTTP POST http://localhost:1111/securityTokenService/<<identity-service-name>>/validateToken

The body of the POST request must contain the SAML token to be validated.

GetUsers

Get a list of all users from the underlying IDP

HTTP GET http://localhost:1111/securityTokenService/<<identity-service-name>>/extensions/getUsers

Returns a list of users encoded in JSON format:

[
  {
    "name": "plzsp",
    "email": "[email protected]",
    "firstName": "plzsp",
    "lastName": "plzsp"
  },
  {
    "name": "jtshw",
    "email": "[email protected]",
    "firstName": "jtshw",
    "lastName": "jtshw"
  }
]

GetGroups

Get a list of all groups from the IDP

HTTP GET http://localhost:1111/securityTokenService/<<identity-service-name>>/extensions/getGroups

Returns a list of groups encoded in JSON format:

[
  {
    "name": "Student",
    "users": [
      "ameen"
    ],
    "description": "Group of Student"
  },
  {
    "name": "Test-Group-1",
    "users": [
      "ameen",
      "ashish",
      "nadirsaghar"
    ],
    "description": "test group 1"
  },
  {
    "name": "Top Secret",
    "users": [
      "admin"
    ],
    "description": "This is  a group of highly skilled ppl "
  }
]
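An added example (not part of the Rakshak project or this wiki page): the GetUsers and GetGroups responses can be cross-checked to review who holds membership in sensitive groups. The sample responses are constructed in the shape shown above, and `BASELINE`, `parse_groups` and `audit` are hypothetical names.

```python
import json

# Constructed sample in the shape of the GetGroups response shown above.
GROUPS_JSON = """[
  {"name": "Student", "users": ["ameen"], "description": "Group of Student"},
  {"name": "Test-Group-1", "users": ["ameen", "ashish", "nadirsaghar"],
   "description": "test group 1"},
  {"name": "Top Secret", "users": ["admin", "ashish"], "description": "restricted"}
]"""
# Constructed sample in the shape of the GetUsers response (only "name" is used).
USERS_JSON = '[{"name": "ameen"}, {"name": "ashish"}, {"name": "admin"}]'

# Hypothetical baseline: the members each sensitive group is supposed to have.
BASELINE = {"Top Secret": {"admin"}}


def parse_groups(raw):
    """Return {group name: set of member names}, rejecting malformed entries."""
    groups = {}
    for entry in json.loads(raw):
        name, users = entry.get("name"), entry.get("users")
        if not isinstance(name, str) or not isinstance(users, list):
            raise ValueError(f"malformed group entry: {entry!r}")
        if name in groups:
            raise ValueError(f"duplicate group name: {name!r}")
        groups[name] = set(users)
    return groups


def audit(groups_raw, users_raw, baseline):
    """Compare live membership with the baseline and with the IDP user list."""
    groups = parse_groups(groups_raw)
    known = {u["name"] for u in json.loads(users_raw)}
    findings = []
    for group, expected in sorted(baseline.items()):
        actual = groups.get(group)
        if actual is None:
            findings.append(("missing-group", group, None))
            continue
        findings += [("unexpected-member", group, u) for u in sorted(actual - expected)]
        findings += [("absent-member", group, u) for u in sorted(expected - actual)]
    for group, members in sorted(groups.items()):
        findings += [("unknown-user", group, u) for u in sorted(members - known)]
    return findings


if __name__ == "__main__":
    for finding in audit(GROUPS_JSON, USERS_JSON, BASELINE):
        print(finding)
```

Each finding is a `(kind, group, user)` tuple, so the output can be diffed between runs or fed to an alerting job.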

ManageGroups

Create new groups, edit the group membership of users, and delete existing groups.

CreateOrModifyGroup

POST request body :

{ 
    "groupName" : "<<groupName>>" , 
    "groupDescription": "<<groupDescription>>" ,
    "users" : [ "userA" , "userB" , "userC" ],
    "createGroupIfNotExist" : true
}

 

Request :

HTTP POST http://localhost:1111/securityTokenService/<<identity-service-name>>/extensions/createOrModifyGroup

 

AssignUserToGroups

POST request body :

{ 
    "username" : "<<username>>" , 
    "groups" : [ "groupA" , "groupB" , "groupC" ]
}

 

Request :

HTTP POST http://localhost:1111/securityTokenService/<<identity-service-name>>/extensions/createOrModifyGroup

 

RemoveUsersFromGroup

POST request body :

{ 
    "group" : "<<group>>" , 
    "users" : [ "userA" , "userB" , "userC" ]
}

Request :

HTTP POST http://localhost:1111/securityTokenService/<<identity-service-name>>/extensions/createOrModifyGroup

 

RemoveGroup

POST request body :

{
    "group" : "<<group>>"
}

 

Request :

HTTP POST http://localhost:1111/securityTokenService/<<identity-service-name>>/extensions/createOrModifyGroup

Features implemented in various Identity Providers for Rakshak

The following table highlights the features supported by the different Identity Providers. Some limitations exist due to the underlying Identity Provider technology.

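| Identity Provider | IssueToken | ValidateToken | GetUsers | GetGroups | ManageGroups |
|---|---|---|---|---|---|
| LDAP | X | X | X | X | X |
| LDAP/CSM | X | X | X | X | O |
| Dorian/GridGrouper | X | X | O | O | O |
| Property File | X | X | X | X | O |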