Versions Compared

Version Old Version 9 New Version Current
Changes made by

Scott Hoppe

Vinesh Malviya

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

After Creating a user via web service, there is an additional step to connect an account to an SSO service. The user account must be mapped to the 3rd-party authentication provider.

The required values for creating or updating the mapping are the EthosCE user ID (UID), the external identity provider's user ID (authname), and the authentication service name. The authentication service name may vary per customer, and can be provided by a project manager. In the example below, customers using SAML SSO, have a value of simplesamlphp_auth.

Sending an authmap creation request

...

languagephp

...

Following steps to be followed for creating SSO user via Webservice

Step1:

We need to Create User first

Endpoint - user.json
Method - POST

Below payload will create a user with the roles “course author” (105847459) and “reviewer” (175031666), by sending the corresponding role ids (rid) as an array of values.

Code Block
{
	"name": "newuser_username",
	"mail": "newuser@dlc-solutions.com",
	"status": 1,
	"roles": [
	{
		"id": 105847459
	},
	{
		"id": 175031666
	}]
}

If user created successfully following response will be received

Code Block
{"uri":"http://your-domain.com/authmap.json?uid=300");
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, "restws_webservice:webservice_password"); //Your credentials goes here
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);

$json = curl_exec($curl);
$response = json_decode($json);

// A list of users matching criteria will be returned. If this list is empty, a user does not have an associated mapping value.
$list = $response->list;

// #2 Send the creation request, via POST
if (empty($list)) {
  $authmap = array(
    "uid" => 300,
    /user/123","id":"123","resource":"user"}

Step 2:

Create Profile of user

Note:- A profile to an account requires the user id (uid) to be assigned to the user field in the profile data. In the previous creation request the uid value returned is 123 (Passing "user": 123)

Endpoint - profile2.json
Method - POST

Code Block
{
	"user": 123,
	"label": "Profile",
	"type": "profile",
	"field_first_name": "John",
	"field_middle_name": "Middle",
	"field_last_name": "Smith",
	"field_profile_location":
	{
		"street": "123 S Broad Street",
		"additional": "Suite 2260",
		"city": "Philadelphia",
		"province": "PA",
		"postal_code": "19109",
		"country": "us"
	}
}

A successful profile creation request returns the following:

{"uri":"http://your-domain.com/profile2/72","id":"72","resource":"profile2"}

Related document - Creating a user via web service

Step 3:

There is an additional step to connect an account to an SSO service.

Before calling below Endpoint we need to verify is user already mapped or not using

http://your-domain.com/authmap.json?uid=123 [We are passing the user id which was created, if it returns empty list we call Endpoint]

Endpoint - authmap.json
Method - POST

Info

The required values for creating the mapping for connecting account to SSO, are the EthosCE user ID (UID), the external identity provider's user ID (authname), and the authentication service name. The authentication service name may vary per customer, and can be provided by a Product Specialist. In the example below, customers using SAML SSO, have a value of simplesamlphp_auth.

Code Block
  {
     "uid" => 123,
     "authname" => "ethosce_authname",
     "module" => "simplesamlphp_auth",
  );
  $curl = curl_init("http://your-domain.com/authmap");
  curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'POST');
  curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: application/json"));
  curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  curl_setopt($curl, CURLOPT_USERPWD, "restws_webservice:webservice_password"); //Your credentials goes here
  curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
  curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($authmap));

  $json = curl_exec($curl);
  // An array detailing the new user entity is returned if successful
  $authmapInfo = json_decode($json);

Successful Return

...

}

123 --> This is the user id returned when user was created
ethosce_authname --> SSO USER NAME we want to MAP
modulename will be simplesamlphp_auth for all entries

Eg. if SSO username is TU06503

Code Block
  {
     "uid" => 123,
     "authname" => "TU06503",
     "module" => "simplesamlphp_auth"
  }

...

A successful return will provide an array detailing the new authmap record information.

...

Return Attributes

id: The authentication ID key tracked by the database.


resource: The entity type created

Code Block
{"uri":"http://www.domain.com/authmap/1","id":"1","resource":"authmap"}
Info

For above response below are details of each attribute
id: The authentication ID key tracked by the database.
uri: The unique URI used to view or update the resource
resource: The entity type created